www.trustwave.com Open in urlscan Pro
2606:2c40::c73c:67fe Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payl...
Submission: On April 09 via api (April 9th 2024, 2:30:25 am UTC) from TR — Scanned from DE

Summary HTTP 70 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 20 IPs in 3 countries across 19 domains to perform 70 HTTP transactions. The main IP is 2606:2c40::c73c:67fe, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.trustwave.com. The Cisco Umbrella rank of the primary domain is 633454.
TLS certificate: Issued by GTS CA 1P5 on April 3rd 2024. Valid for: 3 months.

This is the only time www.trustwave.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
35	2606:2c40::c7... 2606:2c40::c73c:67fe	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7ec6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:e05d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6810:4fba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6bfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e7a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6812:b07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:ac5d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
70	20

35 2606:2c40::c73c:67fe (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.trustwave.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7ec6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:e05d (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4fba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6bfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e7a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:b07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:ac5d (United States)

ASN13335 (CLOUDFLARENET, US)

trustwave-21158977.hs-sites.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	trustwave.com www.trustwave.com — Cisco Umbrella Rank: 633454	764 KB
6	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 8721 app.hubspot.com — Cisco Umbrella Rank: 9670 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 8416 track.hubspot.com — Cisco Umbrella Rank: 4979	30 KB
5	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 8497 forms-na1.hsforms.com — Cisco Umbrella Rank: 14569 perf-na1.hsforms.com — Cisco Umbrella Rank: 9055	3 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 4813	24 KB
3	gstatic.com fonts.gstatic.com	92 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 9197 forms.hscollectedforms.net — Cisco Umbrella Rank: 9382	26 KB
2	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1784	28 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 248	90 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 116	2 KB
1	hs-sites.com trustwave-21158977.hs-sites.com
1	google.de www.google.de — Cisco Umbrella Rank: 4622	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 195	256 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2227	256 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 6750	4 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 4839	22 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 11294	6 KB
1	linkedin.com platform.linkedin.com — Cisco Umbrella Rank: 7167	160 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	103 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 381	11 KB
70	19

	Domain	Requested by
35	www.trustwave.com	www.trustwave.com
3	track.hubspot.com
3	js.hs-banner.com	www.trustwave.com js.hs-banner.com
3	fonts.gstatic.com	fonts.googleapis.com
2	perf-na1.hsforms.com	www.trustwave.com
2	forms.hsforms.com	www.trustwave.com
2	platform.twitter.com	www.trustwave.com platform.twitter.com
2	connect.facebook.net	www.trustwave.com connect.facebook.net
2	fonts.googleapis.com	www.trustwave.com js.hs-banner.com
1	trustwave-21158977.hs-sites.com	js.hubspot.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	forms-na1.hsforms.com	www.trustwave.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	www.google.de	www.trustwave.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	app.hubspot.com	www.trustwave.com
1	js.hsadspixel.net	www.trustwave.com
1	js.hubspot.com	www.trustwave.com
1	js.hscollectedforms.net	www.trustwave.com
1	js.hs-analytics.net	www.trustwave.com
1	static.hsappstatic.net	www.trustwave.com
1	platform.linkedin.com	www.trustwave.com
1	www.googletagmanager.com	www.trustwave.com
1	cdnjs.cloudflare.com	www.trustwave.com
70	25

This site contains links to these domains. Also see Links.

Domain
fusion.trustwave.com
console.us.mailmarshal.cloud
www.securitycolony.com
trustwave.ziftone.com
www.facebook.com
twitter.com
pinterest.com
www.linkedin.com
blog.talosintelligence.com
www.youtube.com

Subject Issuer	Validity	Valid
www.trustwave.com GTS CA 1P5	`2024-04-03` - `2024-07-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-03-29` - `2025-03-28`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
hsappstatic.net E1	`2024-03-10` - `2024-06-08`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-01-17` - `2024-04-16`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
hscollectedforms.net E1	`2024-03-29` - `2024-06-27`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
hs-banner.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.google.de GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
hs-sites.com Cloudflare Inc ECC CA-3	`2024-03-10` - `2024-12-31`	10 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
Frame ID: A20B4760B611243C49B6F298C21CB3B8
Requests: 68 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.trustwave.com
Frame ID: 2C6E570C703998F17D7085693F9F5673
Requests: 1 HTTP requests in this frame

Frame: https://trustwave-21158977.hs-sites.com/hs-web-interactive-21158977-144162456132
Frame ID: 63F713AC2E992BA4F750BAF4DFC74F52
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Phishing Deception - Suspended Domains Reveal Malicious Payload for Latin American Region

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

70
Requests

100 %
HTTPS

100 %
IPv6

19
Domains

25
Subdomains

20
IPs

3
Countries

1364 kB
Transfer

3664 kB
Size

8
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://fusion.trustwave.com/
Title: Fusion Platform Login

Search URL Search Domain Scan URL

URL: https://console.us.mailmarshal.cloud/
Title: MailMarshal Cloud Login

Search URL Search Domain Scan URL

URL: https://www.securitycolony.com/

Search URL Search Domain Scan URL

URL: https://trustwave.ziftone.com/#/page/reg
Title: Register

Search URL Search Domain Scan URL

URL: https://trustwave.ziftone.com/#/page/logged-out-home
Title: Login

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=&text=https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/new-horabot-targets-americas/
Title: campaigns

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/trustwave

Search URL Search Domain Scan URL

URL: https://twitter.com/Trustwave

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC2CCqdrAxD9-Fv83NOdjhqA

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

70 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ 182 KB
29 KB 199ms
52ms Document
text/html 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d00ea09ce59f96cc7d81ddf79bc6b75dff10f30bfedc7dc0a984e4f2b4a7632

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 871713198ef0695d-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 09 Apr 2024 02:30:20 GMT
edge-cache-tag: CT-163342860178,CG-123670301864,CG-21158977,P-21158977,W-128102089380,CW-128101228672,CW-128102279083,CW-81597467540,E-139515404388,E-139530684566,E-81591980723,E-81597439004,E-81597448358,E-81597466170,E-82152213034,E-82153728608,E-82154553624,MENU-128102089380,PGS-ALL,SW-2,B-123670301864,GC-128121289992,GC-128125292094,TS-82153808730
etag: W/"2fb7be9e093e171fd2ad11d9af8544e7"
last-modified: Tue, 09 Apr 2024 01:37:19 GMT
link: </hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/jquery-libs/static-1.4/jquery-migrate/jquery-migrate-1.2.1.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BLno2asonZVbk5bOj7lB2OBIWKHky%2FPukfnFvxhp0Gwj%2BRVR5DcXaB8ge8e0WE%2BQhhIb6JvWcdPxTNUVdEiiYbVR36SFZz7Yfc3%2Frw%2FQDikFAc5gtsmY42owaPn7JFW9twcJ5rZB5RYVDupXCXYz"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-id: 163342860178
x-hs-hub-id: 21158977
x-hs-prerendered: Tue, 09 Apr 2024 01:37:19 GMT

GET
H3 200 jquery-1.11.2.js Show response
www.trustwave.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
35 KB 52ms
51ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 6e4ed2b1996ce238462d61d3bfff667a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 2281650
x-amz-cf-pop: FRA60-P6
x-amz-version-id: null
content-encoding: br
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7mve3kBaJ5h4oyBrSeaB34wkA8glUh40aMEEHgo7Cd7ID749lH1ntDxmN%2FerMuLbCs9n1AasfiqQPKpj2W7J24YLyrtHbXhLda%2FzEtYkSjhBCu%2FeQMvR7NMs3Is5mbKofAZ1T68YDTW8nXQj9Ls%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 87171319df0e695d-FRA
x-amz-cf-id: _VPhB2fj6nD8GmDi5P1RjtbJ90x1_wBuPNZ3kKqZu_uI9uBtiNlMWA==
expires: Wed, 09 Apr 2025 02:30:20 GMT

GET
H3 200 project.js Show response
www.trustwave.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 53ms
53ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 2285846
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CKg%2FCpbzkDusL4P%2FS5UkhSP5a7CFOxaK4iLyODxEf9%2B3Q9pjyCrnC8EKarDhbclHLMQtkqWYbP13FGObbJFH7h%2BES12ufHk6pCbwr4ishh95NGR4XCmlCQlw6wPGAZNKnfWPBZ2jUovK8aLxvJ40"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 87171319df0f695d-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Wed, 09 Apr 2025 02:30:20 GMT

GET
H3 200 jquery-migrate-1.2.1.js Show response
www.trustwave.com/hs/hsstatic/jquery-libs/static-1.4/jquery-migrate/ 7 KB
4 KB 50ms
49ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs/hsstatic/jquery-libs/static-1.4/jquery-migrate/jquery-migrate-1.2.1.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 18fab39b23fb6b3013058d6df5faf0bc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 2285846
x-amz-cf-pop: FRA60-P6
x-amz-version-id: null
content-encoding: br
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"eb05d8d73b5b13d8d84308a4751ece96"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wBDLSVE83hRPhPzyvkFy7l7CWO8M2A21TqY0PqB%2BRaLoFNIWihlkp2aMFbc6CdZDtwagWsVy7gUpjX28ts%2BWF1pPqcazhAnBBHqRRC8xFB3irRUOnSoCVAxzGRztrjY%2FKd0%2Bjj7YpCs8s1%2FS5eQ9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 87171319df10695d-FRA
x-amz-cf-id: WTdO6FiL3OZ3rtwIbEiGcz4aMUsvpBugEaQ29RZFReLNM8oCxiPVog==
expires: Wed, 09 Apr 2025 02:30:20 GMT

GET
H3 200 v2.js Show response
www.trustwave.com/_hcms/forms/ 482 KB
160 KB 72ms
70ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 43
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5064/bundles/project-v2.js&cfRay=8717120cb65665a3-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b0047a8901d8ed9f81db3dcb5982114e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5064/bundles/project-v2.js
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: 4lHA5dnNobe4YqKec9CE2kPtPUzRSBNR
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 59ba6bb5-37ce-4c3c-becd-0a1d01f413be
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 59ba6bb5-37ce-4c3c-becd-0a1d01f413be
last-modified: Wed, 03 Apr 2024 11:15:05 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dyE%2BK7m90PRbBk16XKlbE7bn8doy4WnQmOKlgBdMideSlX2zoot6HT3n91CthXICkINIbmg7o4IEIuSRjiMj2l%2F1DtJU4wIB7MJHowrmlw6ZMeVtsKEBv6%2BOzGn6TP1NNLF4fKl%2Fclz8FB%2Fmtkv9"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-275zq
cf-ray: 87171319ef12695d-FRA
x-amz-cf-id: Qa8p8GXzaGoitYfYfMJsMbCx7t8720czRpTfGcv55gJbqoKUL6YTAA==

GET
H3 200 blog-details-page.min.css
www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/139530684566/1697555754443/Trustwave_Theme_by_CC/templates/blog/css/ 2 KB
2 KB 112ms
110ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/139530684566/1697555754443/Trustwave_Theme_by_CC/templates/blog/css/blog-details-page.min.css

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc6cc7214c4e9f0e90eb1e51ae83122ea160bd8775b65ce1d4e4649e548cc5ee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1381
x-amz-request-id: P95D2HAY462960RF
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f45d89a023e5dfbb1c2dcf73d090eb15"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1697555755106
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: XYz2.IufZ2QuWfUKtmSb3ZZaj6s7uH9M
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 042985fb-0927-47cd-9519-ff8e936931f1
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 208
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 8Oz2U9gTURDTbhNLEPxCuNEsXfqZyrMJThJx50UWJdTbFcuGRitPlrvUL7UQXP8v+UEltlYCA5Weg8x+8gT3WqhmxxLBZReGnIegz1xGfEo=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 042985fb-0927-47cd-9519-ff8e936931f1
last-modified: Tue, 17 Oct 2023 15:15:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TkaO%2FxGVUIhZGE6hlKp7nobtXVGkYfXQG9KJQlTGlxX8VJn1lQMSpneeuB1%2Fkdq8E0EXrDREW0LT5pbaS2voLcL4o%2B2V63sF%2FBBtnbOR0yvYLDYpIYCAPT63Rb0AktNjPGYcDfHOsgjCODyoTOPC"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-649c5bbc6c-tk8pg
access-control-allow-credentials: false
cf-ray: 87171319ef13695d-FRA
timing-allow-origin: www.trustwave.com
x-amz-cf-id: Tn6qj8NaqEqwK9a63Nn4qGsB73rF22aLCFtPZZsDcWwuEzTqsTF3RA==

GET
H3 200 main.min.css
www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/81597466170/1712315715015/Trustwave_Theme_by_CC/css/ 472 KB
65 KB 113ms
111ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/81597466170/1712315715015/Trustwave_Theme_by_CC/css/main.min.css

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c5a3059044c53bc101442d0d3c4d4dcd3eb95e2658da1cbad5c551f66a25c11

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3089
x-amz-request-id: ZZ6EXB24PN35167G
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f8c54e831a8d7754f498de5da23ae71a"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1712315717198
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 cbc24fc015944f60fff0a495ec6d86c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: iqgvCmhoRRb8tTVtt5Gr2N1pxQUizxvb
x-amz-cf-pop: IAD61-P3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 201f7bee-ce2d-4768-978e-5abe0eef0be2
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 201
alt-svc: h3=":443"; ma=86400
x-amz-id-2: khHOJoN6revr2ywbwmEDjpJbTiJ9li19oLnhGQDZ40iNeyTJvEPzlA5xDuNtPDkCeH/6MheGvYp2m2jqHz9/pyMEbHaEKs+Q
x-evy-trace-route-configuration: listener_https/all
x-request-id: 201f7bee-ce2d-4768-978e-5abe0eef0be2
last-modified: Fri, 05 Apr 2024 11:15:18 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rFMqMWl7FmTIPHNSEpKpPU2UYQHxPzjskiGqNS1k9Sk605bJjK4inoOezp3bgia%2BgmTa%2BWkleoL%2FOL%2Fco8wS0EU4Ce0E%2FEcWxhaYx4SOzxdnPW0MHe4h9Le5y4UztU%2FpNDEsJCta8AlHBhnUSY47"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-666dffc5d9-xcm9c
access-control-allow-credentials: false
cf-ray: 87171319ef14695d-FRA
timing-allow-origin: www.trustwave.com
x-amz-cf-id: Ox6cguFodC2bHG0ndh848_B18TnLOYlepzbv1RnjeAIvgE9r52eBUQ==

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/ 58 KB
11 KB 54ms
28ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/all.min.css

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1479119
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 10491
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f7b5b5f-e7d0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GqKDUbiRwZVlU7n4bFYb0Ddw%2BR8J%2BArhpJjBQI%2BdeIuubwitwfsFCXdDhYvR6yukwRLy0mejrrOxhvw9NKdGEBIZwnSIqIOyHc2krz9VlO8C1M%2BKpGg5kTCVJ%2BpskKJDbxJ%2F6jyrN2hx%2BkUkT2axILgz"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8717131a0cc218f3-FRA
expires: Sun, 30 Mar 2025 02:30:20 GMT

GET
H3 200 child.min.css
www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/82152213034/1712323343173/Trustwave_Theme_by_CC/ 13 KB
5 KB 128ms
126ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/82152213034/1712323343173/Trustwave_Theme_by_CC/child.min.css

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e909108dcb4178e16ef1eece4a4bea384e6758a71f08e8eb04926708c55185e5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1427
x-amz-request-id: 1KA0CY1RQW98DYMX
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"02c4d80e85929b33b73eb09f141c8af3"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1712323343868
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 b140d5b0fbed1dab248b0959f44a7944.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: D.jDrqwnr2rRcMCLeVcoAk8z4LkItAqj
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: a5466acf-fe98-4aa3-8339-dc6bb0474fe2
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 167
alt-svc: h3=":443"; ma=86400
x-amz-id-2: +AXubLjLR9jNbGBC2MuSlSlgoqWABa0UheTQFZh5bwY2PBrq8xcmrC0svicKeyUpUMyqMIVyyH0=
x-evy-trace-route-configuration: listener_https/all
x-request-id: a5466acf-fe98-4aa3-8339-dc6bb0474fe2
last-modified: Fri, 05 Apr 2024 13:22:24 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2F1nqZ4G8rv89nam5FH1dyDG6uyiWJiksWGi9xqz1KqFlNYseL6S5e7BplbFIGETr%2FqT3hr5CvPANEQeV91DKCh6sddzrSk4wGhZDCSym%2BiMCdRmU6oM8whwXHzahl1ZedwrGbRD0t%2F2t2yqrZQs"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-666dffc5d9-787tz
access-control-allow-credentials: false
cf-ray: 87171319ef16695d-FRA
timing-allow-origin: www.trustwave.com
x-amz-cf-id: iOMyK6AFYvmdzoRttpvwT7Xlto8dSLWtDnLb1MhOS2sdKZYeFPazZQ==

GET
H3 200 module_128101228672_Global-Footer.min.css
www.trustwave.com/hs-fs/hub/21158977/hub_generated/module_assets/128101228672/1708967264895/ 5 KB
3 KB 130ms
129ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs-fs/hub/21158977/hub_generated/module_assets/128101228672/1708967264895/module_128101228672_Global-Footer.min.css

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e265152f15fa40a6fd69a0ad02eb36a7a9133a4c512b6d1eba31f6754316c12b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1427
x-amz-request-id: J6JS3DY547SRYZJ6
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"6480a428c9a549d8b3c99626aaacfac1"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1708967264895
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 c6b0d1d85b2590c57ac754bf9e61944e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: GwiUUcueHPCDxJ9jAz5F0.B1Zvi0QIpS
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 3584db94-0280-47c1-a1a2-625a55b066f1
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 175
alt-svc: h3=":443"; ma=86400
x-amz-id-2: x0EisPJ3LTQ4bqCdOFC5px/DgJx6i6vT4nlsrCBdIfTaogSUV3OqkwFk742vBnsRNdnY9erQBow=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3584db94-0280-47c1-a1a2-625a55b066f1
last-modified: Mon, 26 Feb 2024 17:07:45 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lDtPoY09ceEG5r5M9ZTXg0mrvOZRYwKWP0bZgq3S3NfwjX6swgAj1Klc9%2FxuPUCUOWAFFpucq6T9iBLoC3Wn%2BBH8uSMHNtGIVXvN9qpLzIUUHnyoYB2z29BM%2BZ6d0lh5KmVYal5nBKrwFd1cjq9R"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5c8495489f-wvfbh
access-control-allow-credentials: false
cf-ray: 87171319ef17695d-FRA
timing-allow-origin: www.trustwave.com
x-amz-cf-id: r5g9duUbJt5CNDlYQEYU38qRMCz9_XG0EWDb1lL6qXT9kcar6JJwWg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 324 KB
103 KB 98ms
48ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DP8B111F8E

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

87f6aa66ac165ece732331dd8fb6a2e8dab09b37b076eb0a3fc14db3ddc7a298

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 105107
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 09 Apr 2024 02:30:20 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 163ms
27ms Script
text/javascript 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

5152d2b7da47c8462fc1eda174b90f8db3da851ee8bac7dc2bd6a4d4f8a4bc0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
content-length: 163638
x-li-uuid: AAYVn/SyGiGvBNFGDfhg2g==
server: Play
x-li-pop: prod-lva1-x
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lva1
cache-control: public, max-age=3600
x-li-proto: http/1.1
expires: Tue, 9 Apr 2024 02:36:49 GMT

GET
H2 200 css2
fonts.googleapis.com/ 21 KB
1 KB 86ms
31ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

90c4f0951056e5a82b2150c8b3fe6d011a08ea2abc957453d080b8179504e2d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 09 Apr 2024 02:30:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 09 Apr 2024 01:44:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 09 Apr 2024 02:30:20 GMT

GET
H3 200 trustwave-logo-white-2.svg
www.trustwave.com/hubfs/ 3 KB
3 KB 116ms
116ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hubfs/trustwave-logo-white-2.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f35cc025dc27ea345536d4eafc13e52fe2b1c237fd6c4150d4dbf85c323c27

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-128100622688,P-21158977,FLS-ALL
age: 556596
x-amz-request-id: 7PEDX6D7FPCVYF6C
x-amz-server-side-encryption: AES256
edge-cache-tag: F-128100622688,P-21158977,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"e8cb445e4c27332e8570d10d602fdd19"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691039362140
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 dc468f8259c800daf36aec7b41b2dac8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: oI2MORy_OkleDZaoezAu6g_xj2bAbduG
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-128100622688,P-21158977,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /Dq1rR3y1TbBnfd5BeljXz1SSb88OjJY6XP6+HpNZlG3Jpa2adDbQfRSduwi//wTAt1f2w3edno=
last-modified: Thu, 03 Aug 2023 05:09:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fC6KluOAwJwKebr1188yegTtr9H9nwwfiMDGPR7WHt%2BCVwl8bO61sov8Q83yVoN7AZGulaGRbanLuzHUsCn%2BGCx3wzOVhc6LLi7uzdNgT3lvkPGINonzGihZ87UfYroiUzrizt3s4aeNS9S%2FIQ5w"}],"group":"cf-nel","max_age":604800}
cf-ray: 87171319ff1a695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: ssakGuiKtSyrBDQLxNB5SKERjTMox-O8DxwO6xdmrfiMNUwiuS8urA==

GET
H3 200 trustwave-logo-color.svg
www.trustwave.com/hubfs/ 3 KB
3 KB 117ms
117ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hubfs/trustwave-logo-color.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

eec92db3906701a283982a9ea481e806b6fd01fb2efb2c802cba1c376b19c2f5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-128100622667,P-21158977,FLS-ALL
age: 556596
x-amz-request-id: J91M031FF5N16KPX
x-amz-server-side-encryption: AES256
edge-cache-tag: F-128100622667,P-21158977,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"76f7b7794944e96ba65f7c6043218c0c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691039317566
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 1903071a927324e2fb28199ee96c4bb2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: TCQaxwgvJWlxmJgBnndIMe4s_3lbLPlf
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-128100622667,P-21158977,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: EMVkqxNui3NG/z6QJT/4XzXm9mhwiXJ+ChySVOUlKrN1FxrxFND9ycITk46j36Bzbb5XYz1wgQc=
last-modified: Thu, 03 Aug 2023 05:08:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k5v8oJqXmHo0YQJPnYwR%2B0zpIeQuP7DX%2FpHJ0CZ2eEbgGL5%2BN2gakbCF%2BdBhFUZq24J1PSbeutDrzY1LjY0%2FC6kLRpuVCoSbBsA0Pe4p8%2BsIttHUv7HkrJsIi2VaTyBLntbObeE01Wf%2FHDo%2FVTVK"}],"group":"cf-nel","max_age":604800}
cf-ray: 87171319ff1b695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: w0FUzGcN7zEPevhtxb5S6D_9zvaVEzW1wIhtnZqQGrmnvjJiIXhUAQ==

GET
H3 200 twi-managed-portal-color.svg
www.trustwave.com/hubfs/ 8 KB
3 KB 45ms
45ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hubfs/twi-managed-portal-color.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e696e6b476f0fb39793d102c6b1e8450775a04ffd853b3c8f1630d9ae16bf55

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-128143670162,P-21158977,FLS-ALL
age: 556595
x-amz-request-id: SV4PXB2DP7F7WDH9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-128143670162,P-21158977,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"a70e9f3797a8d08079a8ba77bef4312f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691070765428
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 b77e6c4c926acdb5c1a30b7465e6750e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: mqTdN32.TopiM2RRgffwUDiQ77a0LxdT
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-128143670162,P-21158977,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xbLrlkBUFN4p3nSbokriUew275H6vYvtf9SI/uzDKpjQ0fOJvhQrITPSoQWx1Wu7RNQS+JJSD8k=
last-modified: Thu, 03 Aug 2023 13:52:46 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sIqJ4ovD3K1Gy%2FOK3pDfoT3gCTFLf7c0930aFDpSOgq9%2BCQi7Kh5CRsO1CBLOiolz3qE81BU81CaBNbHdJL7Cpo8MEh54afBMY5%2FTl2WDRlQ9vf2Z0fB%2BFAnb1xcHfyRFyx0IAHyIHx16ApgB5Dh"}],"group":"cf-nel","max_age":604800}
cf-ray: 8717131b2f84695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: _VXh5QBuluGG75_aJ19LhlT_GWn0FIPeddO17iqXpLMrI9YGXY4nkQ==

GET
H3 200 twi-briefcase-color-svg.webp
www.trustwave.com/hs-fs/hubfs/ 446 B
1 KB 55ms
54ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hs-fs/hubfs/twi-briefcase-color-svg.webp?width=50&height=41&name=twi-briefcase-color-svg.webp

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

24b23890eec5ec1f5e92a77505cd33dffecd739e4abf8b686d088e18f78d6ff7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 69114e4ea0aa4e532a5be63a75c51e2c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128145953132,P-21158977,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 446
cf-resized: internal=ok/e q=0 n=911+0 c=0+0 v=2024.3.2 l=446
last-modified: Thu, 03 Aug 2023 13:49:13 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfJZKXGXS9duxwi1vXudajIXapzDcFau1Cz8kuC6WeDQ:854afcba9e08535576a135b9cd78796c"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ycze08NvlufURUhqq0wEPx0PzMAtWPT2Qt8WBxx3pw2ojTAnfkwe%2BQj4zqIsH51BtrnDq6Gcm5pHXKZpWytp9gRd0PIxkF%2BPIemZUGP%2FpWtbcemi8jVwtPN%2B4FBelu3OIC5JVwQI0FdF437ceiXU"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8717131b4f92695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 tw-laptop-data.svg
www.trustwave.com/hubfs/Web/Icons/TW_svg/ 2 KB
2 KB 56ms
54ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hubfs/Web/Icons/TW_svg/tw-laptop-data.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0dc4a1d85bdeac8cb759bdc1012b5409b7f308fe3deda672f963ec2bbf6adfc4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-122280454249,FD-122277419021,P-21158977,FLS-ALL
age: 556596
x-amz-request-id: EHPV1EHTQBS2646N
x-amz-server-side-encryption: AES256
edge-cache-tag: F-122280454249,FD-122277419021,P-21158977,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"6d3a0bc5a386edbcd7db4f8d8828147b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1687757478211
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 96f7375d4633bdc30f727db82897e3b4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QA.X6not.0yjZOrbHLRZ1CVi9fDBFMpm
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-122280454249,FD-122277419021,P-21158977,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: y8xcaf4YTWQ9HMqg5LrYbAtKGStYalwqWI+4s1+xQRLQTRlBAGO/nftzsyKqLKBoLTxNQzmktwY=
last-modified: Fri, 11 Aug 2023 16:10:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ha3MZVoJDlBa9G6R8OvGme1sW%2FnQzuqnMD5wI9o75efLSIi52FFERCfF13Fn5vBjCCwt5ZvlIHheGu%2Fwo%2FVkaPEnfKCQuSHXA5v%2FqALV5fuMtWQ0WAMz4v4yRszfEe%2FgxNh%2Fd%2FJEn4EHc7m7tILD"}],"group":"cf-nel","max_age":604800}
cf-ray: 8717131b4f93695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: vUIgazxYh8S7ckihcbHGg3g86BaRNMMuaY3o74VH0sdvrfeLpx5WIw==

GET
H3 200 twi-database-color-svg.webp
www.trustwave.com/hs-fs/hubfs/ 1020 B
2 KB 61ms
60ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hs-fs/hubfs/twi-database-color-svg.webp?width=41&height=46&name=twi-database-color-svg.webp

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b05f251da8f33185152ffc1affe96e4ee9574b936ac1a5cef7e71dc72a39c72

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 256cd380c9790a2b71d68709829caa18.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128146105118,P-21158977,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1020
cf-resized: internal=ok/e q=0 n=899+0 c=0+0 v=2024.3.2 l=1020
last-modified: Thu, 03 Aug 2023 13:50:01 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfhoEwmC4l0o8ILSlfmXPcdQYKdoaW5iy16Xc7-OYkDQ:5bdb559241b3760cc9005d5defefdea3"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OeOGVCr2b08kxUdCEQRrMFVv3%2BF6RVPcPVLUVE%2Bk0xyhF6YcCYnqA7xS%2FGVOslFqLDFqkbeEc7EL%2Fh8jh8aFqfNy%2BEu5vZHyYOqmVAyAEJeB0EASyd%2F5wlqEkTVZa77e7CBgE1ycb1qTf1SxK%2F7M"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8717131b4f94695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 twi-email-color-svg.webp
www.trustwave.com/hs-fs/hubfs/ 342 B
1 KB 59ms
58ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hs-fs/hubfs/twi-email-color-svg.webp?width=50&height=35&name=twi-email-color-svg.webp

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f0ce2913427411d355b440e8cfaa3f7e02cc7c0daafcad15c31817018e00b5e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 8bd22c4e977189bdb5963957ff8477de.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128140075098,P-21158977,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 342
cf-resized: internal=ok/e q=0 n=650+0 c=0+0 v=2024.3.2 l=342
last-modified: Thu, 03 Aug 2023 13:50:10 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfJaFTSz_w9nmJUa1TfZ14jGHmyfI_pMEN_ySs7tGODQ:38a921be2b321d9942567f904c926dcb"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UUiP9yhk%2BPIvzyBJNJlFEbRcDmP1JLL0FPk2H82Tu1xjUJsPRvbuaikKMirv%2B2CAiNoV8mSPsmNIhR8fS40QzI6CstNQzhT0gtmCRIgAh%2F8aPy7twzhtkd8QDktn1wOls86YePK%2FNMAcdW%2BBNHXu"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8717131b4f95695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 tw-network.svg
www.trustwave.com/hubfs/Web/Icons/TW_svg/ 3 KB
2 KB 60ms
59ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hubfs/Web/Icons/TW_svg/tw-network.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5babb1b7019cbbd17967ddda1462c5e8cca4e6690f6b8ed44bbd1f047ffa7f2f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-122280422785,FD-122277419021,P-21158977,FLS-ALL
age: 556596
x-amz-request-id: 0F3E4HC3JC5NYCYH
x-amz-server-side-encryption: AES256
edge-cache-tag: F-122280422785,FD-122277419021,P-21158977,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"15c5a2d9d176898af988310746fd3d3f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1687757496834
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 3e28473376ca49b2cafcfef86a39cf34.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: sDs.42m_dH0TTeKYM76B9iUQ1TFuy8Zv
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-122280422785,FD-122277419021,P-21158977,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: DYajY98pVfYc5nU+Ny2K65QwBWoapNN3ehIBPmPAVnig6oBSAGgRD2QX6TW/SUV0uae3N+RkTs8=
last-modified: Fri, 11 Aug 2023 16:10:19 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=llZsvsBQ0W2tP9tjnbQOz1KlgL5582NuyKKaKVQf%2FXWjwywsMYIUSxul9UCPno4sG%2BpMAp7%2FANr3vv59uF8wkCmTu81sQ3SY3L4i6wfq1ZNBRRPnEcrJYUXbGwymnryYj7wbEpKF1hNzftqnZ2qE"}],"group":"cf-nel","max_age":604800}
cf-ray: 8717131b4f96695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 8Gu6lIZ3rRBQSxI0MIxJgZ-oa1qzAaihta8rMO1wq8O6eLQ4PLdLoQ==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.840/ 13 KB
6 KB 84ms
35ms Script
application/javascript 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.840/embed.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ee5c21fba72db5037f82a272693e5db4bb73ab1059a340dcffc9bee28f670c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
x-amz-version-id: e_mEpsTIjne7IZWFj8MkYDmouI7jSgMC
via: 1.1 a2ce61e5ddc66736c9e2bfb6581fa2da.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 631034
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 01 Apr 2024 16:01:41 GMT
server: cloudflare
etag: W/"3a4474324e070674ecd017b9d44b9c99"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IFpNt0L3LzAPpu6zcRsPd4Ko%2FKr5jZ9hpkNe2O5WXTj06pE9V4ui4NHE5lfJED%2BvKdtBcRytAOS%2FRQo7y96V82n0WBIZloPPzYcC1ZcZHi%2FLbylQMOr0ZwltCgBzzv6ioMoeylEDe9ETMSi4EBRQGmb1E5M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8717131b9f944d44-FRA
x-amz-cf-id: uPbLZkmjrnCQRcy_jlXxA53kIIcKlWFGGfQZ_1GaMR0TsSieN4Mxjg==
expires: Wed, 09 Apr 2025 02:30:20 GMT

GET
H3 200 child.min.js Show response
www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/82153728608/1709750596133/Trustwave_Theme_by_CC/ 1 KB
2 KB 53ms
53ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/82153728608/1709750596133/Trustwave_Theme_by_CC/child.min.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

81e57fb0c46c9097b3d7aae4727834f8f73c9437c384d137daa6ec3a4d0b2c04

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3088
x-amz-request-id: BNBBPP56RXWDVQBR
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"6535814d73a9c6d1cf8c352c59b46cec"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1709750596297
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 e4938fc434947f57a79af6b9b403df6e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: TCDn0yR1ZE24e4c45HagfxFF3I53wpEK
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: cd604697-566b-422e-b63b-b5b41ab82ac2
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 173
alt-svc: h3=":443"; ma=86400
x-amz-id-2: zZM4F2nhjuaHxjsGmR7KeR+LvqZO920X3lufB53EjEkNbugpVkNL0KFdq8bKIpKFTeSPE5+IfFU=
x-evy-trace-route-configuration: listener_https/all
x-request-id: cd604697-566b-422e-b63b-b5b41ab82ac2
last-modified: Wed, 06 Mar 2024 18:43:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fIwHlKCN%2BaWgwusAvABLV8E0L5cvsnQzYmwpbkysI9jJC3lmA0psqHyA6xvi8wAchCH75nfps5Q0zZ5TgM%2BncPS7JHkLV0Cm9NObPoeXUVx4KDoXqAPwbmMUgSlmh26dWy2wnmQCaf42SSG67vST"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5c8495489f-xmkhz
access-control-allow-credentials: false
cf-ray: 8717131abf5a695d-FRA
timing-allow-origin: www.trustwave.com
x-amz-cf-id: YfmjcWrJFZEU7rN7bm9qCd3rjVuOl1hhUVC4Ax_1TjPZweC5oGvEcQ==

GET
H3 200 plugins.min.js Show response
www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/81597448358/1712315717303/Trustwave_Theme_by_CC/js/plugins/ 203 KB
56 KB 62ms
61ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/81597448358/1712315717303/Trustwave_Theme_by_CC/js/plugins/plugins.min.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0489b75e77d280d9ca13eb42cb6e1aebf6ef9b1d437dc25f002fc980515759a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1648
x-amz-request-id: ZZ69RWDETBCX6FAK
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"3d8f539744180e031681d0ab50fa2384"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1712315718447
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 35306eb26a83034d2e583f34ce922c08.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: T2G3t_xPZydIQwbs5sAG20M7WuwzbbzN
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 7a7e6822-09e8-40cb-a268-3f592b53276a
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 184
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 64Tpoje+Nd+wzOWEVEJi6vh6VpFjgRePtJCUUegsgll0lX1joDLhBljqk9MyTO0VvhHgmD/7V3U=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 7a7e6822-09e8-40cb-a268-3f592b53276a
last-modified: Fri, 05 Apr 2024 11:15:19 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2tCSnWzrBXh1vGzaxqjZA9IuIIBEZOLSDYcRXNRh%2Fnx%2F9pzWPtEVRDlmNMTCiNArBY72SEL4GFhT2aFgv9wQwmhIgYXApbzjNeQScXWjyriwMESvgov%2BseYXS3xZGmkL8jLqg1HUtLPoXYnbI8O6"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-666dffc5d9-787tz
access-control-allow-credentials: false
cf-ray: 8717131b4f97695d-FRA
timing-allow-origin: www.trustwave.com
x-amz-cf-id: SPWvyLVgDBCZlWeQtlV18f2ZV4Uk6pY81wRcfiGfAriR_Rt32x0Meg==

GET
H3 200 main.min.js Show response
www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/81597439004/1712315709355/Trustwave_Theme_by_CC/js/ 30 KB
8 KB 57ms
56ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/81597439004/1712315709355/Trustwave_Theme_by_CC/js/main.min.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed759dd6594076bcb698f376fd042545704f1cd447cb3f502072c20cd7330778

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3088
x-amz-request-id: FFMVX20S692BMJSA
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"d1c424fe75f16a1893f4bb1865f7dbf0"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1712315709706
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 1bc23a6188e36846e1cf72b17d7ac1ac.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: DSIkIsIbXV6AJVhE00AYBOVOPh5Pk70j
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: a902b98c-a02d-4354-91ae-749d2ee49078
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 189
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Glzz6pD6qrBIGE4IWdL4sSBgNq6TD3rjoCnii0N1YvXnp5KQk29ZRcKm2U/jWvWWIEceEYOniRk=
x-evy-trace-route-configuration: listener_https/all
x-request-id: a902b98c-a02d-4354-91ae-749d2ee49078
last-modified: Fri, 05 Apr 2024 11:15:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F%2FQ6CvZWGOqqYCJH2NVfngGMWj26KhJpiGhn2NdfYnXmUL2Nu8899tdDKDeuXUblt4J3XVJM%2FU5vePGV65usoF2jDYZotemV6Irb0TdeQF5eRONjR0GygmypZ6j4nh%2Bg9MNfo49TIoEBSCGC8dfa"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-666dffc5d9-787tz
access-control-allow-credentials: false
cf-ray: 8717131b4f98695d-FRA
timing-allow-origin: www.trustwave.com
x-amz-cf-id: -ddJOIlDKSUt0FU_e-1Me2ErsUClHYSi1jOGQHUrdW-d-ogWLkKGvg==

GET
H3 200 module_128101228672_Global-Footer.min.js Show response
www.trustwave.com/hs-fs/hub/21158977/hub_generated/module_assets/128101228672/1708967264033/ 166 B
2 KB 44ms
44ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs-fs/hub/21158977/hub_generated/module_assets/128101228672/1708967264033/module_128101228672_Global-Footer.min.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9175d8ac97a6ab8e61098fadc2cafb1b211c1d8e859f9326ccf5af2fd2af67a9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3089
x-amz-request-id: J6JSTFKKFJK7KVSY
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"8984d708c25d0caf5de6dd29126c145b"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1708967264033
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 c6b0d1d85b2590c57ac754bf9e61944e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: BwkgQOhM2b0YeUKQLLWuxqCNy9niCmLo
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 005883af-b4b0-42c3-8a14-bb2a13f8f981
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 173
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 5QWc9+6zlazrXb3jeQd4bjq3E6LYnFRMW65tRYwvBbQ+sC4xeqezq64OvmI5BVHwcO7L48bGAq0=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 005883af-b4b0-42c3-8a14-bb2a13f8f981
last-modified: Mon, 26 Feb 2024 17:07:45 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5znRCiYzAeYuOyxi3njTBRsJQTHV57Ch6IEMnTEf%2Fph3zG%2Fd1STyQBXhyMP9Q0Mvj1stBKHf9VojQE1tRl3cKd%2FwAEv4ooAK9ZPci1P2zGsZUfbBZBw1htPeZ8Wl%2FU8IKz4z3TTHp%2FCwH4S%2BQVuT"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5c8495489f-tlb9j
access-control-allow-credentials: false
cf-ray: 8717131abf5e695d-FRA
timing-allow-origin: www.trustwave.com
x-amz-cf-id: OO9WWY4VoxJvnnTjXOwFCcpO_Y_B_musCcF6Zsdzp-kx3O0VTfZXsg==

GET
H3 200 21158977.js Show response
www.trustwave.com/hs/scriptloader/ 2 KB
1 KB 67ms
67ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs/scriptloader/21158977.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f96ee50f26550dc1f2f55298c6636155bfdc93cc3a0e91c1dc6cc0efebcb3fba

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 67
x-evy-trace-route-service-name: envoyset-translator
cf-polished: origSize=2504
x-hubspot-correlation-id: 7ea7b3d8-2456-4f97-9b98-3a861a23c5eb
content-encoding: br
x-envoy-upstream-service-time: 13
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7ea7b3d8-2456-4f97-9b98-3a861a23c5eb
last-modified: Tue, 09 Apr 2024 02:29:13 GMT
cf-bgj: minify
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.trustwave.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-697677dfc-djj9k
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m1yFHy%2FfOCqUYj2MjvEyqpzrYR2Ves%2B4J1sWX5dZkL3Te6UALCwqA3Y%2BfQR2Ix2DaowNeNU1TB7MNYc83rv9RTqRswEoE0C7auHl9X0voDN5tVyTleyhtp2rFGHBz5S32WwoXmbE58mHZ3cnQXQw"}],"group":"cf-nel","max_age":604800}
cf-ray: 8717131b4f99695d-FRA
expires: Tue, 09 Apr 2024 02:31:50 GMT

GET
H3 200 index.js Show response
www.trustwave.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/ 12 KB
5 KB 62ms
61ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1678601
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: 1rlxLpliQ7bEVIEMqiesE48_Sx9RmqkP
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 15:59:57 GMT
server: cloudflare
etag: W/"5885ac5129ee80f8b7e1e228e142587d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9xPREim6w3LDMh9KNyRJkHUHw1txlwnAgiTGCoxFGKGM6UH8k%2F28CBRVpvF8Mx9a2HA4a30QAFFXBxtEFF0cmDAZVJnon7MnX9e0Y2Zvn3QLQq4VPZHr5ZIU16b75i%2BdBgiUADARmW9zFe6dZcUq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8717131b4f9a695d-FRA
x-amz-cf-id: LBGxxkuxmXbhcFaI-NR3fKwzXfE0BgYFZAIA9oCaZx8Z6HSTKhi43g==
expires: Wed, 09 Apr 2025 02:30:20 GMT

GET
DATA 200
OK truncated
/ 593 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e05d2a01e0ba927da714f5096eb52126900d29805a7900c9bda3fec2d6ffda1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 logo-dark.svg
www.trustwave.com/hubfs/Web/Icons/Social_Media/ 435 B
2 KB 52ms
52ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hubfs/Web/Icons/Social_Media/logo-dark.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/82152213034/1712323343173/Trustwave_Theme_by_CC/child.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf666161ad22b77eae0b12ee524e444bf3a633dfa9c7b7520ac4c9d429beb215

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/hs-fs/hub/21158977/hub_generated/template_assets/82152213034/1712323343173/Trustwave_Theme_by_CC/child.min.css
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-148652928284,FD-122277888131,P-21158977,FLS-ALL
age: 556595
x-amz-request-id: SQRN39KYPVXGB158
x-amz-server-side-encryption: AES256
edge-cache-tag: F-148652928284,FD-122277888131,P-21158977,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"c09687d74ea8dab44892109fe6fb3c99"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1701806279278
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 8bd22c4e977189bdb5963957ff8477de.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 1L4bZi7b364TARW.6YQ_C67C21HS0XJx
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-148652928284,FD-122277888131,P-21158977,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: vkPakk0zWNOFyIa+aAfryNZDuUrCmUQjM/Eq8W0w1f3ab20+uGImgznHrWTyAUZy8yUigIrO9uI=
last-modified: Tue, 05 Dec 2023 19:58:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6IXb6u9OvvT8u0tnWQ8jxT%2Bvn0jCiGfC5v3ANVBaOZbqYJ%2F7BnzAXuwMLuljoqYNq9kQaTkbK2V36lADseEC%2BxqHCTFtZylstwx7tDtSQM8tLb%2FRsoImzJ6eBZL5RqnX7jtc37HXNEVrGDMImyn1"}],"group":"cf-nel","max_age":604800}
cf-ray: 8717131b7fa9695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: Vi2JML_0G65yRQC0Mf8ZRHIn-m9xOGZ3RexzqaFmsWrdvabf6UdTig==

GET
H3 200 footer-icons-sprite.png
www.trustwave.com/hubfs/Web/Icons/Social_Media/ 8 KB
9 KB 49ms
47ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hubfs/Web/Icons/Social_Media/footer-icons-sprite.png

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/hs-fs/hub/21158977/hub_generated/module_assets/128101228672/1708967264895/module_128101228672_Global-Footer.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cd8227e0a0b658c714d037e52e38916b5977dd3fd3556bc599b6044a7591153

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/hs-fs/hub/21158977/hub_generated/module_assets/128101228672/1708967264895/module_128101228672_Global-Footer.min.css
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-148755795088,FD-122277888131,P-21158977,FLS-ALL
age: 556595
x-amz-request-id: J91QGQSFCHN7YYJ6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-148755795088,FD-122277888131,P-21158977,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="footer-icons-sprite.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "0a271c901bcd67606cf9950d817c91ba"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1701872351507
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 6dcc6937cfa978a65f9d5d75296b24a6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: mUqugcO5IxktLwFns.Enp_cZo.eVZXIl
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=15318
x-cache: RefreshHit from cloudfront
cache-tag: F-148755795088,FD-122277888131,P-21158977,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 7964
x-amz-id-2: ShBKiqn8aMukfSCLxK33QemXqu1TGrqIGBFskNHw277uQ4h5MehPCNLSjMLGJ7pLT7deQDTrn3fVWjUEneYWNoNHppnco/GMiEaQ1WKiuog=
last-modified: Wed, 06 Dec 2023 14:19:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iSKVCo3WESZkjMG64R30P%2BKOk7XBbHRhJSM1bgX1lRgmwGhFLEAtbpU6WBry6%2FsFhbSYvAAByfGyYygeyK1VrbSdiAPiBF4fImz%2F9z7u4CZ6A4adReT7MjPAfJjUCZaTJHBWas4oBM9zUCh8K2E8"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8717131b7fab695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: l539muLVuLuuizQJAdxzDAb7hdiSYpvYfIvIRUsptppwO4c1aI9jpw==

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 46 KB
46 KB 69ms
20ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://www.trustwave.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Apr 2024 07:44:24 GMT
x-content-type-options: nosniff
age: 585956
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46704
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Apr 2025 07:44:24 GMT

GET
H3 200 fusion-logo-color-1.svg
www.trustwave.com/hubfs/ 9 KB
4 KB 49ms
48ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hubfs/fusion-logo-color-1.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a76b2bc12b0e3c9536c8c0c3af4170cc66c19ff44fb96326aa6b542ee272365f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-128110843556,P-21158977,FLS-ALL
age: 556595
x-amz-request-id: XRH1T6BZWDE5NF9R
x-amz-server-side-encryption: AES256
edge-cache-tag: F-128110843556,P-21158977,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3c40447ba4c11c9d528b57e822168958"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691046374924
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 e9b74ccbde368a1365608891aeccb498.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: cm5F7s1T0dr42OZeRahy0M4j0V7SSeZ.
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-128110843556,P-21158977,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: k9ScLHTxbldgM5uqwz52M+ElZ7F0GPpkv7sJM2IFqhFiKaEQziCg7qOk5IRDXkV3A2TNfnEOatU=
last-modified: Thu, 03 Aug 2023 07:06:15 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TKvI5UrL6Hbjm27NEd8683%2Fk471rU%2BpQp%2FzpKXX6SIdGXOSR4VdPp1jmmK1Vbf2gBPhqbQfui9VF2J7Sn5xNI9te4Eq9IbYDl5scVJ3ci9MW5XOeP1SXethmjRq820C7jSOf5jNEXYkVi2YdzNpf"}],"group":"cf-nel","max_age":604800}
cf-ray: 8717131b9fb2695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: OagwI-3r-Vp0SWtVogc9Ees4vaTaya9IJXVKY7U9OrmkJDdUDI8Eog==

GET
H3 200 Figure%201.%20Phishing%20email%20sample%20with%20zip%20file%20attachment.jpg
www.trustwave.com/hs-fs/hubfs/Web/Blogs/SpiderLab/ 6 KB
7 KB 50ms
49ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hs-fs/hubfs/Web/Blogs/SpiderLab/Figure%201.%20Phishing%20email%20sample%20with%20zip%20file%20attachment.jpg?width=682&height=348&name=Figure%201.%20Phishing%20email%20sample%20with%20zip%20file%20attachment.jpg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7894b2702e0b9f81c01791732296f850ebf56d0d0eac4143f232537c55c804b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-163350625185,FD-101978658890,P-21158977,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 6612
cf-resized: internal=ok/m q=0 n=885+0 c=2+36 v=2024.4.0 l=6612
last-modified: Thu, 04 Apr 2024 21:24:55 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfM3SLxvZF5ZGqfmxp03awMRj_RHnL1EkMPxU8mX95DQ:6f555927fd055d94965ebe7a3955b9ca"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v0044DvNrcCXwGeoaD1Qs3j1uNtAB7OTM9o6XjvD9qc3jpa2pfnkIdUqCdFvb91jcbNjH%2BuKgvn7tRsTif2gsbVTEq3f%2BARClsMOIJW7SNx5AKrIy8MyYYi199nT%2BIJHTOmd6Lx%2F8FN8DM7b1k%2BP"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8717131b9fb3695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 Figure%201.2.%20Email%20Header%20of%20the%20phishing%20email.jpg
www.trustwave.com/hs-fs/hubfs/Web/Blogs/SpiderLab/ 15 KB
16 KB 58ms
57ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hs-fs/hubfs/Web/Blogs/SpiderLab/Figure%201.2.%20Email%20Header%20of%20the%20phishing%20email.jpg?width=600&height=117&name=Figure%201.2.%20Email%20Header%20of%20the%20phishing%20email.jpg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

267f5f948de156a67993805008437f9db0aef193f113dcf8b6f169f7d659acf4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 0833e8be76641de099b8f4a92c7a1c4e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-163349686143,FD-101978658890,P-21158977,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 15450
cf-resized: internal=ok/h q=0 n=26+0 c=0+13 v=2024.4.0 l=15450
last-modified: Thu, 04 Apr 2024 21:29:43 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfHCTM1FwArI2sAaej3dvU60KRVqMH8PFnjau9DnbbDQ:4796520f2dce179a4c959787c598840f"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9ZxzvWV5TEde4jmqSJdBvMboiaicgd31B1m1f%2F2XsfQj7AribFnKprN3nSL9SulnHJux7py6PMyr%2B4FrV3OyYQYNq%2BH%2F0%2BbY%2FrXNgHvjn772SgpQ41T24QUpPXuEl7q6pXsuqmul2SCYQPEq9cN"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8717131b9fb4695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 Figure%202.png
www.trustwave.com/hs-fs/hubfs/Web/Blogs/SpiderLab/ 298 KB
298 KB 50ms
49ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hs-fs/hubfs/Web/Blogs/SpiderLab/Figure%202.png?width=794&height=611&name=Figure%202.png

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

330d07b95eca32648fd20150efb44c8aec15c389992bf4953ed2ea1bd668c20d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 dc929648f0c936ae1fcea0675ad0382c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-163349041297,FD-101978658890,P-21158977,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 304762
cf-resized: internal=ok/m q=0 n=778+0 c=5+367 v=2024.4.0 l=304762
last-modified: Thu, 04 Apr 2024 21:32:45 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfnVI_OcglSBIr_tfm82IbX5aCr3xCkH3XC7ikbaWHDQ:8c1f1a30118af7128295de3631d92ef9"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RJNTkzWjTns1NFBvxOtXEzRxq0hfchZpYa09oueyjPxYqhFUQ8Z5vAXLtVK8SZNt2JIiitqI8nYWPu81cdcdjWuK9EvLWvQAzXqnUGw4ClggW476CrLn1byM2QoY%2BFekfROlVNUE%2BJg09I8ByAhI"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8717131b9fb5695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 Figure%203.%20Suspended%20page%20when%20access%20in%20a%20different%20region.jpg
www.trustwave.com/hs-fs/hubfs/Web/Blogs/SpiderLab/ 15 KB
16 KB 73ms
72ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hs-fs/hubfs/Web/Blogs/SpiderLab/Figure%203.%20Suspended%20page%20when%20access%20in%20a%20different%20region.jpg?width=1529&height=891&name=Figure%203.%20Suspended%20page%20when%20access%20in%20a%20different%20region.jpg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ebbd930dbf4e5ad173598e34fa9644e2495dd429cdc13047ac53edeafaec918

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 a991dcd8f589d8cb7c64929ec2a499b2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-163353747746,FD-101978658890,P-21158977,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 15626
cf-resized: internal=ok/h q=0 n=26+0 c=2+79 v=2024.4.0 l=15626
last-modified: Thu, 04 Apr 2024 21:29:44 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfTAB7UfVwAcIimQhG6Ec74vJ3louv6Ksf9zeixZZ8DQ:92a26a1488ddafd06716ecba3f037f6e"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ac2U%2FvlG%2BoJ4KCRWG0xK9Bl9281EJ3v6yyqifzQqgCBd1Fj0K%2BKzk9yzzC9X2AO7zXk4SEf8wGT7b%2F745Ib4uMPvJhGHd7%2FpLxiDIjwC%2BnrjmeyGPd4WAPOBY8S9MqmcJHCIeUGcXGBWlUP3IA3T"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8717131b9fb7695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 json Show response
www.trustwave.com/_hcms/forms/embed/v3/form/21158977/92358282-9e9e-4fe6-a21f-c30c1e55336d/ 54 KB
9 KB 165ms
165ms XHR
application/json 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/_hcms/forms/embed/v3/form/21158977/92358282-9e9e-4fe6-a21f-c30c1e55336d/json?hs_static_app=forms-embed&hs_static_app_version=1.5064&X-HubSpot-Static-App-Info=forms-embed-1.5064

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

15110a05b329609458a60735163fad2344e2d5adac8d710c87c6be3d180889ff

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4c412287-5793-41e7-a6da-30995e30e517
content-encoding: br
x-envoy-upstream-service-time: 22
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4c412287-5793-41e7-a6da-30995e30e517
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-wmph4
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zs7%2BowweIvH9SovG6W21vuQA6ywLTTXn4kaPpZ49LBebBzLIxS7soJNJ9l%2BEsnT7ncBmEehkNZZqoBQgnMjbX1PNb2jevsU7ksCmGIBILAWEaHB%2F7kEBkmFATnD6r0WT0IdqBfRq5xkSXSl3vdTo"}],"group":"cf-nel","max_age":604800}
cf-ray: 8717131b9fba695d-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H3 200 json Show response
www.trustwave.com/_hcms/forms/embed/v3/form/21158977/68741a11-8e56-4f23-ba7f-b2307e77714c/ 2 KB
2 KB 155ms
154ms XHR
application/json 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/_hcms/forms/embed/v3/form/21158977/68741a11-8e56-4f23-ba7f-b2307e77714c/json?hs_static_app=forms-embed&hs_static_app_version=1.5064&X-HubSpot-Static-App-Info=forms-embed-1.5064

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1de6bf8aec78dc1f439e518bc3d14aba506693990b69f18ff16ace21f3bb5361

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 40c00f1a-fe67-4c51-bd94-9e7fdd7ab2a0
content-encoding: br
x-envoy-upstream-service-time: 12
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 40c00f1a-fe67-4c51-bd94-9e7fdd7ab2a0
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-xbl6g
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rAUcQnVgeI2D3crj0FNhmtiszLUv%2Bbi9cP%2FWPQRYM%2FDe8o0yQyh763H198XSOIVSkKWH%2FyRla4OpxiJZcOF%2BbFUieo97xyXCFtAWMVlb%2FWQIee%2FbkocuNF85KCJNlEB0gNDnl%2BxHzHdoHhUEi8TD"}],"group":"cf-nel","max_age":604800}
cf-ray: 8717131b9fbc695d-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 90ms
44ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

95090735af7469d92e554e4cbe90792f2ab68049f92a76169bfa611a87c10cac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 09 Apr 2024 02:30:20 GMT
content-md5: YwqhgiW9FjZeS+UnLc+0zA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=12, mss=1326, tbw=2795, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: cZbAPNAgO7tulmE8dBjw1KPjDtOsbSojw/byub3iv+EJ0eLNA5XlGVzAuTP5iErUV4PQ/RnJswZXtHyqPND7tQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: e112904991b30933728dc49d11ccf48d
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "ff75ccd104dcc9a2ab42bc7d8d3cf9e5"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Tue, 09 Apr 2024 02:42:10 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 106ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6772) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 09 Apr 2024 02:30:20 GMT
Content-Encoding: gzip
Age: 480
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/6772)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 21158977.js Show response
js.hs-analytics.net/analytics/1712629500000/ 68 KB
22 KB 206ms
157ms Script
text/javascript 2606:4700::6810:4fba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1712629500000/21158977.js
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/hs/scriptloader/21158977.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4fba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb65b5c55654badebf42267a514a325e3d496f97a44cef2781c3e979edfae8ca

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: WXJRKRCAXC58GT21
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 675d3ee9-9617-4455-a440-4156b6cc6f92
x-envoy-upstream-service-time: 28
x-amz-id-2: 3H0swscocTW3gHo4YS5YyYUAYTWma/wvzkM0xRAZO5y0UzbqhM/12XjbRbxvaOpkyQRS9fBn1H9UHqt7EXp/mXnQr6WWpr79zeJP6z8RCyY=
x-evy-trace-listener: listener_https
x-request-id: 675d3ee9-9617-4455-a440-4156b6cc6f92
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 05 Apr 2024 19:20:11 GMT
server: cloudflare
etag: W/"4538cbc70f6e112c4450b33cf627177c"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-fp48c
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8717131c0b799a09-FRA
expires: Tue, 09 Apr 2024 02:35:20 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 167ms
34ms Script
application/javascript 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/hs/scriptloader/21158977.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

558e9f2d852ad9a343cfa2b6343e53b6080dae149933e04da166f597696a072d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
Origin: https://www.trustwave.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 510
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.487/bundles/project.js&cfRay=871706a71dd35d41-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d1b5d702ce4c8385e7f9e088139af398"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: collected-forms-embed-js/static-1.487/bundles/project.js
date: Tue, 09 Apr 2024 02:30:20 GMT
x-amz-version-id: TBuW8j2Zg4wDwUJfaxQJP8dPtvRalswh
via: 1.1 6b29c936420d116b13807604a0e67044.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 5c11ea43-05c8-4798-85f0-10627a11f069
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 12
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5c11ea43-05c8-4798-85f0-10627a11f069
last-modified: Thu, 28 Mar 2024 11:43:17 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-trtck
cf-ray: 8717131c9b525d96-FRA
x-amz-cf-id: ApxJSnuPggGKG61QLBr1guKQ31qQN2-xaZkOh6ePf6B-f37uI14TXQ==

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 84 KB
25 KB 88ms
39ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/hs/scriptloader/21158977.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65390c3b5e18df070a11dd947ca2f91668714ee2a8575956b93c8b1590b9532c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
Origin: https://www.trustwave.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 510
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.995/bundles/project.js&cfRay=871706a71c9965bc-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d838571cd390adf273ef11f2c93c66a2"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.995/bundles/project.js
date: Tue, 09 Apr 2024 02:30:20 GMT
x-amz-version-id: e6CBI7TNV0080vUb0QC9_Ce844NXultr
via: 1.1 7375f2360b80ec8c602f04aa2cc7a57c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: e5f15d5d-db51-4457-9851-670c87d663a3
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-request-id: e5f15d5d-db51-4457-9851-670c87d663a3
last-modified: Wed, 20 Mar 2024 13:03:05 UTC
server: cloudflare
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nOOsGOJuAuk5DmmK%2BdrfuSCZvz%2F6Tu8VfADVdiY2A%2FojoutUkSc%2BEkD51yxYIpqwOovNN5KiIJydR3gYZtO4qgQQ99TlwaALL8jepuxC9DQDoBzC%2FK7%2BAQDc8%2BVdkOVgYyVYOp4yJTLFpdbz"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-xzfkt
cf-ray: 8717131c0d3965a7-FRA
x-amz-cf-id: bRMnWlVKgaq-fPKrnEfhm4LAJBY79CqCvUUpznue2t_TgoqRFH36oQ==

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 142ms
35ms Script
application/javascript 2606:4700::6811:e7a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/hs/scriptloader/21158977.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e7a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66e9a17c05981ae02d122a6845f9f904f13edeae0973af6fdbc44bb77ee5bbf0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
x-amz-version-id: NPmBAW9YLDyQDhAGPmBdyF1DJfeS0dQT
via: 1.1 d0d53eedec01ac540f737b5fafb16436.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 292
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.546/bundles/pixels-release.js&cfRay=87170bf61d0f1d92-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 8663f2fe-9d5c-438c-a464-4ddd190590e3
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8663f2fe-9d5c-438c-a464-4ddd190590e3
last-modified: Thu, 04 Apr 2024 13:54:33 UTC
server: cloudflare
etag: W/"437693b047b4419d0e2549e3f640e3c1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-n7dww
cf-ray: 8717131c6f44a600-FRA
x-amz-cf-id: PhfhZ-DrPPVxiEwY4mjJcaimdHZ2W08Ab7yV6q7rlirYfEol0AwF5w==
x-hs-target-asset: adsscriptloaderstatic/static-1.546/bundles/pixels-release.js

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/21158977/ 77 KB
24 KB 387ms
337ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/21158977/banner.js
Requested by: Host: www.trustwave.com
URL: https://www.trustwave.com/hs/scriptloader/21158977.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83d626b192de16b0a0524354a9ce897f065965b83f18806020c145f30d3f7ba8

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
x-amz-version-id: Z.Op41ZDkRhbgQakK.PCqNjxt8gJOz72
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 8RHW1R11G15Y81DN
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 1f118434-2e3e-4681-bd1a-9d54a553a7e0
x-envoy-upstream-service-time: 14
x-amz-id-2: 6mSSNZmhulCDUa89toC3b6E2Bdk8bR8nII7o0rdIVD88QyxFt8Atxez23G5RrLv/0glRQgZZ2lI=
x-evy-trace-listener: listener_https
x-request-id: 1f118434-2e3e-4681-bd1a-9d54a553a7e0
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 01 Apr 2024 15:48:50 GMT
server: cloudflare
etag: W/"c5ee2b5cc86f7ed4259d38e6b4a851c4"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.trustwave.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6dfb9475dd-zxf69
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8717131c0dae9733-FRA
expires: Tue, 09 Apr 2024 02:35:21 GMT

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 249ms
198ms XHR
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=21158977

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 268a3901-7372-414e-a1b5-10d9f10a1ce7
x-envoy-upstream-service-time: 2
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8717131c3b609a33&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 268a3901-7372-414e-a1b5-10d9f10a1ce7
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin: https://www.trustwave.com
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-7rrlj
cache-control: max-age=0
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 8717131c3b609a33-FRA

GET
H3 200 Capture.webp
www.trustwave.com/hs-fs/hubfs/ 682 B
1 KB 40ms
39ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hs-fs/hubfs/Capture.webp?width=36&height=35&name=Capture.webp

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cba86763d54a1524797876cff19255336fffbb52a686b872b39e6f371af36308

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 f32f19f2f9b3c0c60a4ff31c809ed008.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-128126701606,P-21158977,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 682
cf-resized: internal=ok/e q=0 n=889+0 c=0+0 v=2024.3.2 l=682
last-modified: Thu, 03 Aug 2023 10:33:21 GMT
cf-bgj: imgq:0,h2pri
server: cloudflare
etag: "cfkqi2R786c1jKNMfNm2GGBpyQ0dOkxlwMrDtxgmYVDQ:12739921254b8a99ec1e4fa35b232eee"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6c9mSd%2BgrbaoKmOFlMEH%2B%2FmN%2FS3TiZjC5wohTU3vzEr1aFkgoDtyI6pJmXXjxWDOo%2FdlIDpJoIGM5eFG8MzP%2FoVX6R5QXNeTRtxb0eXFHW7cF8Ya%2B6DX3RUlNUHlbQEtifH3ULEJtGIoNbgKMf0K"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8717131c0fd1695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 tw-officer.svg
www.trustwave.com/hubfs/Web/Icons/TW_svg/ 3 KB
3 KB 42ms
42ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trustwave.com/hubfs/Web/Icons/TW_svg/tw-officer.svg

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f281e04cb9a9deb50fce7307b1e5c8220b6bffdef18c8bb347ee9908426b682a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-122280581004,FD-122277419021,P-21158977,FLS-ALL
age: 556595
x-amz-request-id: EHPZ2YBBE1J946D5
x-amz-server-side-encryption: AES256
edge-cache-tag: F-122280581004,FD-122277419021,P-21158977,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8cabfe75bf5af9d9a8dcffbaeaf757b2"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1687757496416
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: OiujE07YKOe.i0iPvyFLPQof1tmvJPY_
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-122280581004,FD-122277419021,P-21158977,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: FGdF4pNjcQ4Lqvz0heBI+gDrXzXQ86uyNlpoEzbSg2JtoyVXG2JkIbOMOdjA+DuAKS+nSX512AA=
last-modified: Fri, 11 Aug 2023 16:10:19 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2FPhLGi6bu%2FMUOCLvVEACYV7jU2wFvfuc6jIm11ob8EmkhdAvjuAs%2FAypnJXAaz5pPQ9AmwHHp8hNPJZZdYHDZU5xf5ckBRLNZNacFGihu%2BDpK%2B1qepp0J1Q3n%2FdOv5G6ykGIaiDPwhYYUvFA4Hk"}],"group":"cf-nel","max_age":604800}
cf-ray: 8717131c0fd2695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: SJ7tkp5C46q0dWl_0IVtZBK4X6iCvJwwRjER48_rqQgstSD5BRiuCw==

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 89ms
36ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-DP8B111F8E&gtm=45je4430v9102389651za200&_p=1712629820589&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2071455482.1712629821&ul=en-us&sr=800x600&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=Eg&_s=1&sid=1712629820&sct=1&seg=0&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fphishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region%2F&dt=Phishing%20Deception%20-%20Suspended%20Domains%20Reveal%20Malicious%20Payload%20for%20Latin%20American%20Region&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=586
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DP8B111F8E
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 09 Apr 2024 02:30:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.trustwave.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 112ms
51ms Ping
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-DP8B111F8E&cid=2071455482.1712629821&gtm=45je4430v9102389651za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DP8B111F8E
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 09 Apr 2024 02:30:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.trustwave.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 89ms
42ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-DP8B111F8E&cid=2071455482.1712629821&gtm=45je4430v9102389651za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1522964885

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 09 Apr 2024 02:30:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 305 KB
86 KB 56ms
32ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=0d8d6f8fd2cdbd409fb46436decaa665

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8f00a9bddfe9f03e15c9be4053a348a6ee0915a96bceaefbff9e48088d92182e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
Origin: https://www.trustwave.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 09 Apr 2024 02:30:20 GMT
content-md5: RdSVpc7SOUdP36/lvsha/g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88177
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=22, rtx=0, c=23, mss=1232, tbw=4317, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug: Zp5MzRMpEtYItxCfmUc2H53vdnc3oewSCh6MpjmEwpS/hPeaEEgLCQZJ3xFr31nr8gSt3BjoSB/9ZFLmrJCCjw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 24bb6492e004893b989fabe7857ba8c6
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "50b45b4a68865b29f084d2043e3f75c6"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Wed, 09 Apr 2025 01:39:34 GMT

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 1 KB
2 KB 216ms
216ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=21158977&currentUrl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fphishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region%2F&contentId=163342860178

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8ec70d551b0ae3bbe75986be10685003a09cb9d2e0dcd9d5d56d80d71226962

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5ea212de-48da-4ddc-9680-4199d80c98f9
content-encoding: br
x-envoy-upstream-service-time: 79
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5ea212de-48da-4ddc-9680-4199d80c98f9
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.trustwave.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B3HhNj1eILK7TlfVmBSfQqYyk6PavP7yD4yKSjsNmNK9cymoDEgSrVESJmWsbwat7yxa%2B89sxTkyOzwZ5orACH9YHUfy9eOFasgO4TSMWWoL4OY%2FZ8LGEVSPMAh4V8gScRlfhPGjb05olwZLgPhLsFp%2FQjSoVs0Sq3w%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8717131c8d7265a7-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-wmph4

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 2C6E 0
0 96ms
21ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.trustwave.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6712) /
Resource Hash

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1297368
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Tue, 09 Apr 2024 02:30:20 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6712)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
879 B 163ms
129ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1c876566-b277-43c9-8afc-37149228479f
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1c876566-b277-43c9-8afc-37149228479f
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-d8hts
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8717131ce97b3668-FRA

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
847 B 144ms
142ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b3c6ba82-38ea-4c76-addb-ccd4d9062a63
x-envoy-upstream-service-time: 9
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b3c6ba82-38ea-4c76-addb-ccd4d9062a63
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-x9vms
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8717131cf9873668-FRA

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 116 B
437 B 129ms
128ms XHR
application/json 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=21158977&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

932082305544d3426acaefac13815f07c276046aee77847071d1dfc1754636e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 020a969a-1bdc-4606-806b-298be7a12329
x-envoy-upstream-service-time: 10
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 020a969a-1bdc-4606-806b-298be7a12329
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.trustwave.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-7rrlj
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8717131d0b775d96-FRA

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
538 B 151ms
150ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=4

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 62f53e74-fc07-4146-b7d0-f968d5de23b5
x-envoy-upstream-service-time: 14
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 62f53e74-fc07-4146-b7d0-f968d5de23b5
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-lhqjs
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8717131de9ff3668-FRA

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
579 B 148ms
148ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d19274cc-aa84-4447-87c5-a24d997b04d0
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d19274cc-aa84-4447-87c5-a24d997b04d0
last-modified: Tue, 09 Apr 2024 02:30:21 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-lhqjs
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8717131dea043668-FRA

GET
H3 200 hs-web-interactive-21158977-144162456132
trustwave-21158977.hs-sites.com/ Frame 63F7 0
0 223ms
181ms Document
text/html 2606:4700::6811:ac5d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trustwave-21158977.hs-sites.com/hs-web-interactive-21158977-144162456132

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ac5d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: false
age: 1381
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-144162456132,P-21158977,PGS-ALL,SW-2
cf-cache-status: HIT
cf-ray: 8717131e3ca51e4a-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Tue, 09 Apr 2024 02:30:21 GMT
edge-cache-tag: CT-144162456132,P-21158977,PGS-ALL,SW-2
last-modified: Tue, 09 Apr 2024 02:06:36 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/embed/v3.js>; rel=preload; as=script
server: cloudflare
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 70
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-bots-td/envoy-proxy-568b74b86b-nd6hk
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 144162456132
x-hs-hub-id: 21158977
x-hubspot-correlation-id: 46015f5b-0dd8-401c-8187-05659cfd7dfa
x-request-id: 46015f5b-0dd8-401c-8187-05659cfd7dfa
x-robots-tag: none

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
552 B 28ms
28ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/21158977/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fba31c2cd9699431dba47604216525f9bcc0cb1d5980fbae9b19c8b86454d2fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 09 Apr 2024 02:30:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 09 Apr 2024 00:49:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 09 Apr 2024 02:30:21 GMT

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 158ms
158ms Fetch 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/21158977/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-hubspot-correlation-id: a8651dbd-0227-4aea-8f08-954bf9553605
x-envoy-upstream-service-time: 32
x-evy-trace-route-configuration: listener_http/all, listener_https/all
x-evy-trace-listener: listener_http, listener_https
x-request-id: a8651dbd-0227-4aea-8f08-954bf9553605
server: cloudflare
x-trace: 2BEDB2DA7E1C9225F632AE41B076C69C07C40B61ED000000000000000000
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-virtual-host: all, all
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-76d78f4b75-ndxvl, iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-pvzd8
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-origin: https://www.trustwave.com
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 871713209ba6a022-FRA

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 361ms
313ms Preflight
application/octet-stream 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.trustwave.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.trustwave.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 8717131e9abfa022-FRA
content-length: 0
content-type: application/octet-stream
date: Tue, 09 Apr 2024 02:30:21 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 1
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-pvzd8
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 6593b9f5-aab6-4d2a-af5e-5fb0659a230e
x-request-id: 6593b9f5-aab6-4d2a-af5e-5fb0659a230e

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 21ms
20ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://www.trustwave.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 06 Apr 2024 07:36:31 GMT
x-content-type-options: nosniff
age: 240830
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 06 Apr 2025 07:36:31 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 40ms
40ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://www.trustwave.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 08 Apr 2024 06:51:21 GMT
x-content-type-options: nosniff
age: 70740
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:07:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 08 Apr 2025 06:51:21 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
753 B 146ms
146ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=800x600&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2604799944&v=1.1&a=21158977&pi=163342860178&ct=blog-post&ccu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fphishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region%2F&cpi=163342860178&cgi=123670301864&lpi=163342860178&lvi=163342860178&lvc=en-us&pu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fphishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region%2F&t=Phishing+Deception+-+Suspended+Domains+Reveal+Malicious+Payload+for+Latin+American+Region&cts=1712629821616&rv=1&vi=57a9668c223719e3f0aadf10b0e5b60e&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d21bb528-c2ff-4361-ad6b-07346e718636
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 12
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d21bb528-c2ff-4361-ad6b-07346e718636
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YDQ99lcJ%2FFSjUmAjOddq%2BShBavR9DDTFDv5oHC%2FZWHjzZ9pMqsZFXIQPMDXQvVtTEAMtRayXi3GRzfTN6CnYaYl8lNpd6sKpPzffJAoJB%2B7PR0NGnZcEjQDKBLGqOVAclKHJAdapu7r2dj3DjBS2"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-z56nz
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 871713212d439a33-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
894 B 139ms
139ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=68741a11-8e56-4f23-ba7f-b2307e77714c&fci=bfb57402-31a6-4ac0-9f20-89f1dc596a2d&ft=0&sd=800x600&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2604799944&v=1.1&a=21158977&pi=163342860178&ct=blog-post&ccu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fphishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region%2F&cpi=163342860178&cgi=123670301864&lpi=163342860178&lvi=163342860178&lvc=en-us&pu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fphishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region%2F&t=Phishing+Deception+-+Suspended+Domains+Reveal+Malicious+Payload+for+Latin+American+Region&cts=1712629821617&rv=1&vi=57a9668c223719e3f0aadf10b0e5b60e&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 60118401-a765-4f43-af0e-f186e24d8d19
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 60118401-a765-4f43-af0e-f186e24d8d19
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oiwZDJcZaM2BPflLiZjlEVTfsAzOPu2%2BUbL%2B39gpVPxFgc6eu0tA3CdQ2Ftklb5iBnyUChkaRKGUr5Tqb1hEl1F9KNaSsVcT97tvoNoYYiXRL%2FaaXAppRFco9wgwih9jkDbD6uZ6cqZypOHwGhC2"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-bfdd2
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 871713212d449a33-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
929 B 151ms
151ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=92358282-9e9e-4fe6-a21f-c30c1e55336d&fci=5cc9e840-7ad8-4ed9-8a85-33509798dcb8&ft=0&sd=800x600&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2604799944&v=1.1&a=21158977&pi=163342860178&ct=blog-post&ccu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fphishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region%2F&cpi=163342860178&cgi=123670301864&lpi=163342860178&lvi=163342860178&lvc=en-us&pu=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Fspiderlabs-blog%2Fphishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region%2F&t=Phishing+Deception+-+Suspended+Domains+Reveal+Malicious+Payload+for+Latin+American+Region&cts=1712629821617&rv=1&vi=57a9668c223719e3f0aadf10b0e5b60e&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 356bcbfa-160c-4726-84dd-54b2401600bf
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 356bcbfa-160c-4726-84dd-54b2401600bf
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z9ttsD4gLlw7Udu2unyxBFvbSRKm0zZK%2BmVhblR4ZNyceIQa2Dckfzvi73DKC7jjCIdX3VbSlhfUYlB9Ph%2BmmxvzF%2BS2vhaTYNPO0ob7oZG26Os2RL6Y5NrCibhSMyUMFuMQvc4Y1pTgocbEOO0a"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-bfdd2
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 871713213d479a33-FRA
x-robots-tag: none

GET
H3 200 Trustwave_Icon_Color-2.svg
www.trustwave.com/hubfs/ 852 B
2 KB 46ms
46ms Other
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trustwave.com/hubfs/Trustwave_Icon_Color-2.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bb4da4c63ba3c24b12d490047341228490f286581d1e3456dee26e3ef9e0f19

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-76358605837,P-21158977,FLS-ALL
age: 556426
x-amz-request-id: 490T1N8AN8P3N9TF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-76358605837,P-21158977,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"0cb7b227a259bb94ab92f464856d7998"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1655238214424
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Apr 2024 02:30:21 GMT
strict-transport-security: max-age=31536000
via: 1.1 f32f19f2f9b3c0c60a4ff31c809ed008.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 34OSLfBHPgYBzcn6lqn17B0kfZRTEI_X
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-76358605837,P-21158977,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: m9Sd7UrznJAfU5PeUD/8K1bRTDaOtPg9jpSkC1hP142JTx8bc/hogZrska90nz3virg5MPwbtM4=
last-modified: Tue, 14 Jun 2022 20:23:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SJcuXE2r3yMC6ogn4Q8gY4C%2B1yLCZB3%2BaD2pX1YIOKl4gxe4JWZiUMAkexo5eNOHaCAcfqA1G44%2F0mxkIpqQE%2FkeCU3e9W3xbRgUuqELIpg6ykunvJLOUWwKc4KPRNthXCrei841zYE8zzoZfYTL"}],"group":"cf-nel","max_age":604800}
cf-ray: 87171321396e695d-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 2V_LORIvgC2kkVgco1YMSeMsbewqTM9M0abLytAUTLFrps9JcfjRYA==

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
579 B 134ms
134ms Image
image/gif 2606:4700::6812:b07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=interactive-shown&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 02:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d9ed49ea-cc0a-46e0-8083-f0394f350075
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d9ed49ea-cc0a-46e0-8083-f0394f350075
last-modified: Tue, 09 Apr 2024 02:30:21 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-6k6z5
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 871713214bad3668-FRA

Verdicts & Comments Add Verdict or Comment

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.trustwave.com/	1970-01-21 05:19:49	Name: _ga Value: GA1.1.2071455482.1712629821
.hs-sites.com/	1969-12-31 23:59:59	Name: __cfruid Value: f44735b9dc8207c51f6a6ed9152597b0b1307eaf-1712629821
.www.trustwave.com/	1970-01-20 19:43:51	Name: __cf_bm Value: 7DIlPczJaUD6TSK407MlJvCkO7W9ExpLiSFKY7ldhqc-1712629821-1.0.1.1-nhs1EhV.qdY9.zazClCTzDAz2ZSHNz_a7oxXS3v4g6BGmEG9UjDQXbrlYOXyBjZRo2NX9EQcB7WqKbbHBrlo5g
.www.trustwave.com/	1969-12-31 23:59:59	Name: __cfruid Value: dcec83becefb69287cdcb048a8eb7f2789f6a6ef-1712629821
.hubspot.com/	1970-01-20 19:43:51	Name: __cf_bm Value: tDkdHu3eYK_1DDhdTT0ZzAe51SyCLOXne1QJZElDlKw-1712629821-1.0.1.1-3BXFsZIJq7mxLpk0J9sNZ6Y07JlFyDpbO3VzUK6bZe2EVXbul8m1xyIEjOzp.Nc68jIX5l8XZnebfnW5kGlT3g
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: CaxNuUFpP8U.H03tTIF4deWL84IWaLSNKZi3aX4ek8c-1712629821760-0.0.1.1-604800000
.hsforms.com/	1970-01-20 19:43:51	Name: __cf_bm Value: MeW898VPIxSlbwOo7XciPVej.oPgbm48MnMewOvxWpc-1712629821-1.0.1.1-5cetGLypiuUq3MP6lr0OP4LrXhQCEHQbkQAB3tncYEnfivW3krfXu4tXDPQT8QaUmY11hX5_RLQjB3uPigA2XA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: RIjQjIPJPymFJipn.ivNun6MuDgD3kIi0ALEtEghJa8-1712629821777-0.0.1.1-604800000

47 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-deception-suspended-domains-reveal-malicious-payload-for-latin-american-region/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.hubspot.com
cdnjs.cloudflare.com
connect.facebook.net
cta-service-cms2.hubspot.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hubspot.com
perf-na1.hsforms.com
platform.linkedin.com
platform.twitter.com
region1.analytics.google.com
static.hsappstatic.net
stats.g.doubleclick.net
track.hubspot.com
trustwave-21158977.hs-sites.com
www.google.de
www.googletagmanager.com
www.trustwave.com
2001:4860:4802:32::36
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:67fe
2606:4700:4400::6812:22e5
2606:4700::6810:4fba
2606:4700::6810:6bfe
2606:4700::6810:7574
2606:4700::6810:e05d
2606:4700::6811:190e
2606:4700::6811:ac5d
2606:4700::6811:e7a3
2606:4700::6812:b07d
2a00:1450:4001:803::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2008
2a00:1450:4001:827::2003
2a00:1450:400c:c00::9c
2a02:26f0:480:f::213:7ec6
2a03:2880:f083:100:face:b00c:0:3
0bb4da4c63ba3c24b12d490047341228490f286581d1e3456dee26e3ef9e0f19
0dc4a1d85bdeac8cb759bdc1012b5409b7f308fe3deda672f963ec2bbf6adfc4
0e05d2a01e0ba927da714f5096eb52126900d29805a7900c9bda3fec2d6ffda1
15110a05b329609458a60735163fad2344e2d5adac8d710c87c6be3d180889ff
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1de6bf8aec78dc1f439e518bc3d14aba506693990b69f18ff16ace21f3bb5361
1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d
24b23890eec5ec1f5e92a77505cd33dffecd739e4abf8b686d088e18f78d6ff7
267f5f948de156a67993805008437f9db0aef193f113dcf8b6f169f7d659acf4
2cd8227e0a0b658c714d037e52e38916b5977dd3fd3556bc599b6044a7591153
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
330d07b95eca32648fd20150efb44c8aec15c389992bf4953ed2ea1bd668c20d
5152d2b7da47c8462fc1eda174b90f8db3da851ee8bac7dc2bd6a4d4f8a4bc0d
558e9f2d852ad9a343cfa2b6343e53b6080dae149933e04da166f597696a072d
5babb1b7019cbbd17967ddda1462c5e8cca4e6690f6b8ed44bbd1f047ffa7f2f
65390c3b5e18df070a11dd947ca2f91668714ee2a8575956b93c8b1590b9532c
66e9a17c05981ae02d122a6845f9f904f13edeae0973af6fdbc44bb77ee5bbf0
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d00ea09ce59f96cc7d81ddf79bc6b75dff10f30bfedc7dc0a984e4f2b4a7632
6e696e6b476f0fb39793d102c6b1e8450775a04ffd853b3c8f1630d9ae16bf55
7c5a3059044c53bc101442d0d3c4d4dcd3eb95e2658da1cbad5c551f66a25c11
81e57fb0c46c9097b3d7aae4727834f8f73c9437c384d137daa6ec3a4d0b2c04
83d626b192de16b0a0524354a9ce897f065965b83f18806020c145f30d3f7ba8
87f6aa66ac165ece732331dd8fb6a2e8dab09b37b076eb0a3fc14db3ddc7a298
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8f00a9bddfe9f03e15c9be4053a348a6ee0915a96bceaefbff9e48088d92182e
8f0ce2913427411d355b440e8cfaa3f7e02cc7c0daafcad15c31817018e00b5e
90c4f0951056e5a82b2150c8b3fe6d011a08ea2abc957453d080b8179504e2d7
9175d8ac97a6ab8e61098fadc2cafb1b211c1d8e859f9326ccf5af2fd2af67a9
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
932082305544d3426acaefac13815f07c276046aee77847071d1dfc1754636e4
95090735af7469d92e554e4cbe90792f2ab68049f92a76169bfa611a87c10cac
9b05f251da8f33185152ffc1affe96e4ee9574b936ac1a5cef7e71dc72a39c72
9ebbd930dbf4e5ad173598e34fa9644e2495dd429cdc13047ac53edeafaec918
9ee5c21fba72db5037f82a272693e5db4bb73ab1059a340dcffc9bee28f670c1
a76b2bc12b0e3c9536c8c0c3af4170cc66c19ff44fb96326aa6b542ee272365f
af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325
b0f35cc025dc27ea345536d4eafc13e52fe2b1c237fd6c4150d4dbf85c323c27
b7894b2702e0b9f81c01791732296f850ebf56d0d0eac4143f232537c55c804b
bc6cc7214c4e9f0e90eb1e51ae83122ea160bd8775b65ce1d4e4649e548cc5ee
bf666161ad22b77eae0b12ee524e444bf3a633dfa9c7b7520ac4c9d429beb215
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c8ec70d551b0ae3bbe75986be10685003a09cb9d2e0dcd9d5d56d80d71226962
cba86763d54a1524797876cff19255336fffbb52a686b872b39e6f371af36308
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e0489b75e77d280d9ca13eb42cb6e1aebf6ef9b1d437dc25f002fc980515759a
e265152f15fa40a6fd69a0ad02eb36a7a9133a4c512b6d1eba31f6754316c12b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e909108dcb4178e16ef1eece4a4bea384e6758a71f08e8eb04926708c55185e5
eb65b5c55654badebf42267a514a325e3d496f97a44cef2781c3e979edfae8ca
ed759dd6594076bcb698f376fd042545704f1cd447cb3f502072c20cd7330778
eec92db3906701a283982a9ea481e806b6fd01fb2efb2c802cba1c376b19c2f5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2
f281e04cb9a9deb50fce7307b1e5c8220b6bffdef18c8bb347ee9908426b682a
f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52
f96ee50f26550dc1f2f55298c6636155bfdc93cc3a0e91c1dc6cc0efebcb3fba
fba31c2cd9699431dba47604216525f9bcc0cb1d5980fbae9b19c8b86454d2fc

www.trustwave.com Open in urlscan Pro 2606:2c40::c73c:67fe Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

70 Requests

100 %HTTPS

100 %IPv6

19 Domains

25 Subdomains

20 IPs

3 Countries

1364 kBTransfer

3664 kBSize

8 Cookies

13 Outgoing links

Redirected requests

70 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.trustwave.com Open in urlscan Pro
2606:2c40::c73c:67fe Public Scan

Screenshot
Live screenshot

Full Image

70
Requests

100 %
HTTPS

100 %
IPv6

19
Domains

25
Subdomains

20
IPs

3
Countries

1364 kB
Transfer

3664 kB
Size

8
Cookies

70 HTTP transactions
1 data transactions