blog.cyble.com Open in urlscan Pro
192.0.78.183 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Submission: On June 20 via api (June 20th 2022, 11:38:41 am UTC) from IN — Scanned from DE

Summary HTTP 109 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 25 IPs in 5 countries across 17 domains to perform 109 HTTP transactions. The main IP is 192.0.78.183, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is blog.cyble.com.
TLS certificate: Issued by R3 on May 18th 2022. Valid for: 3 months.

This is the only time blog.cyble.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	192.0.78.183 192.0.78.183	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
1 26	130.211.21.179 130.211.21.179	15169 (GOOGLE) (GOOGLE)
9	2606:4700:20:... 2606:4700:20::ac43:4768	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
6	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1b::9a	15169 (GOOGLE) (GOOGLE)
1	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	151.101.2.217 151.101.2.217	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
6 10	52.211.210.83 52.211.210.83	16509 (AMAZON-02) (AMAZON-02)
3 4	185.33.221.53 185.33.221.53	29990 (ASN-APPNEX) (ASN-APPNEX)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2010	15169 (GOOGLE) (GOOGLE)
109	25

26 192.0.78.183 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

blog.cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 130.211.21.179 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 179.21.211.130.bc.googleusercontent.com

koi-3qnocuxufa.marketingautomation.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app-3qnocuxufa.marketingautomation.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:20::ac43:4768 (United States)

ASN13335 (CLOUDFLARENET, US)

injection.amibreached.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.217 (United States)

ASN54113 (FASTLY, US)

tag.perfectaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.211.210.83 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-210-83.eu-west-1.compute.amazonaws.com

pixel-geo.prfct.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.221.53 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.130 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	marketingautomation.services 1 redirects koi-3qnocuxufa.marketingautomation.services app-3qnocuxufa.marketingautomation.services	352 KB
26	cyble.com blog.cyble.com	598 KB
10	prfct.co 6 redirects pixel-geo.prfct.co — Cisco Umbrella Rank: 15944	4 KB
10	wp.com s0.wp.com — Cisco Umbrella Rank: 6896 stats.wp.com — Cisco Umbrella Rank: 2946 pixel.wp.com — Cisco Umbrella Rank: 2681 i0.wp.com — Cisco Umbrella Rank: 3432	161 KB
9	amibreached.com injection.amibreached.com	264 KB
8	gstatic.com fonts.gstatic.com www.gstatic.com	596 KB
7	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67 storage.googleapis.com — Cisco Umbrella Rank: 467	1 MB
5	google.com www.google.com — Cisco Umbrella Rank: 9	48 KB
4	adnxs.com 3 redirects secure.adnxs.com — Cisco Umbrella Rank: 435	4 KB
4	twitter.com platform.twitter.com — Cisco Umbrella Rank: 705 syndication.twitter.com — Cisco Umbrella Rank: 957 analytics.twitter.com — Cisco Umbrella Rank: 554	134 KB
3	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 125 cm.g.doubleclick.net — Cisco Umbrella Rank: 217	1 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60 region1.google-analytics.com — Cisco Umbrella Rank: 9409	20 KB
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 308	491 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 96	99 KB
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 358	239 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 402	275 B
1	perfectaudience.com tag.perfectaudience.com — Cisco Umbrella Rank: 19453	4 KB
109	17

	Domain	Requested by
26	blog.cyble.com	blog.cyble.com
16	app-3qnocuxufa.marketingautomation.services	1 redirects koi-3qnocuxufa.marketingautomation.services app-3qnocuxufa.marketingautomation.services
10	pixel-geo.prfct.co	6 redirects blog.cyble.com
10	koi-3qnocuxufa.marketingautomation.services	blog.cyble.com koi-3qnocuxufa.marketingautomation.services storage.googleapis.com
9	injection.amibreached.com	blog.cyble.com injection.amibreached.com
6	i0.wp.com	blog.cyble.com
5	www.gstatic.com	www.google.com
5	www.google.com	app-3qnocuxufa.marketingautomation.services www.gstatic.com www.google.com
4	storage.googleapis.com	koi-3qnocuxufa.marketingautomation.services
4	secure.adnxs.com	3 redirects blog.cyble.com
3	fonts.gstatic.com	fonts.googleapis.com
3	fonts.googleapis.com	blog.cyble.com storage.googleapis.com
2	cm.g.doubleclick.net	2 redirects
2	ups.analytics.yahoo.com	1 redirects blog.cyble.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	pixel.wp.com	blog.cyble.com
2	platform.twitter.com	blog.cyble.com platform.twitter.com
2	www.googletagmanager.com	blog.cyble.com www.googletagmanager.com
1	pixel.rubiconproject.com	blog.cyble.com
1	us-u.openx.net	blog.cyble.com
1	analytics.twitter.com	blog.cyble.com
1	tag.perfectaudience.com	koi-3qnocuxufa.marketingautomation.services
1	syndication.twitter.com	platform.twitter.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	region1.google-analytics.com	www.googletagmanager.com
1	stats.wp.com	blog.cyble.com
1	s0.wp.com	blog.cyble.com
109	27

This site contains links to these domains. Also see Links.

Domain
cyble.com
securityboulevard.com
cyble.io
www.cyble.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2022-05-18` - `2022-08-16`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.marketingautomation.services GlobalSign RSA OV SSL CA 2018	`2022-06-03` - `2023-07-05`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-14` - `2023-06-14`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-11` - `2023-07-12`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.perfectaudience.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2022-01-05` - `2023-02-06`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.prfct.co Sectigo RSA Domain Validation Secure Server CA	`2021-11-02` - `2022-11-02`	a year	crt.sh
storage.googleapis.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Frame ID: 52A5C6EDEA180C5B916EBDAD1DA52D3D
Requests: 63 HTTP requests in this frame

Frame: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Frame ID: 68B87C64CCD4AB2263EA1401080E9CB7
Requests: 17 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.d7fc2fc075c61f6fa34d79a0cbbf1e34.html?origin=https%3A%2F%2Fblog.cyble.com
Frame ID: 412AB2C55B6302FD8D5EA41EEC7AF8E7
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LejtCsUAAAAACVGXaLz6W52O7rQkHl_obMS1ptT&co=aHR0cHM6Ly9hcHAtM3Fub2N1eHVmYS5tYXJrZXRpbmdhdXRvbWF0aW9uLnNlcnZpY2VzOjQ0Mw..&hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&size=invisible&badge=inline&cb=dk85c6xq5pbr
Frame ID: 4D0366C1A86F825A6FC9E0116FE6875A
Requests: 4 HTTP requests in this frame

Frame: https://injection.amibreached.com/stats.json
Frame ID: F4A65D9B0E3EEF6D7F052EADF2170ACB
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&k=6LejtCsUAAAAACVGXaLz6W52O7rQkHl_obMS1ptT
Frame ID: 3FCCA6E71FC49B31FB45D61B3C4A7501
Requests: 4 HTTP requests in this frame

Frame: https://koi-3qnocuxufa.marketingautomation.services/publicChatbot?&requestedLanguage=en_US
Frame ID: E2BF0C6D83154D593580EA22C66C5BE8
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ngrok Platform Abused by Hackers to Deliver a New Wave of Phishing Attacks — Cyble

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

109
Requests

93 %
HTTPS

44 %
IPv6

17
Domains

27
Subdomains

25
IPs

5
Countries

3665 kB
Transfer

10209 kB
Size

23
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://cyble.com/
Title: Home

Search URL Search Domain Scan URL

URL: https://cyble.com/about-us.php
Title: About Us

Search URL Search Domain Scan URL

URL: https://cyble.com/capabilities.php
Title: Capabilities

Search URL Search Domain Scan URL

URL: https://cyble.com/cyble-vision.php
Title: Cyble Vision

Search URL Search Domain Scan URL

URL: https://cyble.com/amibreached.php
Title: AmiBreached

Search URL Search Domain Scan URL

URL: https://cyble.com/cyble-hawk.php
Title: Cyble Hawk

Search URL Search Domain Scan URL

URL: https://cyble.com/press.php
Title: Media & Press Releases

Search URL Search Domain Scan URL

URL: https://cyble.com/career.php
Title: Careers

Search URL Search Domain Scan URL

URL: https://cyble.com/contact-us.php
Title: Contact Sales

Search URL Search Domain Scan URL

URL: https://securityboulevard.com/2019/05/digital-criminals-abusing-secure-tunneling-service-to-deliver-lokibot/
Title: cybercriminals abused ngrok tunnelling hosted on AWS to deliver Lokibot.

Search URL Search Domain Scan URL

URL: https://cyble.io/amibreached
Title: AmiBreached.com

Search URL Search Domain Scan URL

URL: http://www.cyble.com/
Title: www.cyble.com

Search URL Search Domain Scan URL

URL: https://twitter.com/aucyble
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyble-global/
Title: Linkedin

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://app-3qnocuxufa.marketingautomation.services/prospector/form/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s HTTP 302
https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s

Request Chain 69

https://pixel-geo.prfct.co/tagjs?a_id=167159&source=js_tag HTTP 302
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=167159&source=js_tag

Request Chain 75

https://secure.adnxs.com/getuid?https://pixel-geo.prfct.co/usermap/?xid=$UID&sid=202206|62b05c3b85c3aa13a57ded68&pid=pa_JziUiufJOSQEA440N HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fpixel-geo.prfct.co%2Fusermap%2F%3Fxid%3D%24UID%26sid%3D202206%7C62b05c3b85c3aa13a57ded68%26pid%3Dpa_JziUiufJOSQEA440N HTTP 302
https://pixel-geo.prfct.co/usermap/?xid=2268720871893001426&sid=202206|62b05c3b85c3aa13a57ded68&pid=pa_JziUiufJOSQEA440N

Request Chain 76

https://pixel-geo.prfct.co/cs/?partnerId=twtr HTTP 302
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_JziUiufJOSQEA440N

Request Chain 77

https://pixel-geo.prfct.co/cs/?partnerId=yah HTTP 302
https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_JziUiufJOSQEA440N&_origin=1 HTTP 302
https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_JziUiufJOSQEA440N&_origin=1&verify=true

Request Chain 78

https://pixel-geo.prfct.co/cs/?partnerId=opx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_JziUiufJOSQEA440N

Request Chain 79

https://pixel-geo.prfct.co/cs/?partnerId=rbcn HTTP 302
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_JziUiufJOSQEA440N

Request Chain 80

https://pixel-geo.prfct.co/cs/?partnerId=goo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfSnppVWl1ZkpPU1FFQTQ0ME4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfSnppVWl1ZkpPU1FFQTQ0ME4&google_tc= HTTP 302
https://pixel-geo.prfct.co/cb?partnerId=goo

Request Chain 82

https://secure.adnxs.com/seg?t=2&add=27052482 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D27052482

109 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/ 271 KB
59 KB 1251ms
1220ms Document
text/html 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

61c2e7b94a4a7e2c8533283d146fe92e5d77951471631a8048a05109e8347ff0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=300, must-revalidate
cf-edge-cache: cache,platform=wordpress
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 20 Jun 2022 11:38:35 GMT
host-header: WordPress.com
last-modified: Mon, 20 Jun 2022 11:38:34 GMT
link: <https://blog.cyble.com/wp-json/>; rel="https://api.w.org/" <https://blog.cyble.com/wp-json/wp/v2/posts/4144>; rel="alternate"; type="application/json" <https://wp.me/pbX1h1-14Q>; rel=shortlink
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 2.hhn _atomic_ams
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
x-nananana: Batcache-Set
x-pingback: https://blog.cyble.com/xmlrpc.php

GET
H2 200 wp-emoji-release.min.js Show response
blog.cyble.com/wp-includes/js/ 18 KB
5 KB 178ms
177ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 12 Apr 2022 05:56:23 GMT
server: nginx
etag: W/"62551487-48b9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 /
blog.cyble.com/_static/ 1 MB
140 KB 254ms
254ms Stylesheet
text/css 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/_static/??-eJylVFGSgyAMvdBStK3WfuzsWRCipUVgCI7j7Tdau2un1R1nf5SEl5fkEeg8k85GsJHHCzSAXGAMgr4IEblE5I22utKgeBVGpNqRZ0c7H91vsDdtrS3yuiWzhFDzstVG8dI4eWNGl0GEnmPsDSyFGtG7NrI6aPUM1FaaVlFpVyoGlBZgqFKKnBuewiEwA7WQ/bzCxWjam9trXXUuKB8AkWEUEVkjrKgpmw9ulGi1rwsIRdjKuUi/KZsLc4kXIEuMLxykLwdNsDvdzz4bfWudvS1n7aBbb5xQ88AhwjuMLDslxZ95Rs3+n+u8T9OtgtMk8E6rmlKzp9QLPFeIXsgbb5xqDQwq32DhrB+VjpeHCaWcna9Zvj8XlTrmQu7LU8FIqGN+zpINDReHc7YFfkwOW+B58sK+JMMkIUcntTD3EXsyNo1tRSAmOkDXwH0gyDHZmwb3LRk9O1ZtuwBvedAZvfruPUQawNN6gH41n2meZYc0z4vTN0mWDWs=

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

942ac7bd57aa9ab08150b9ea568958978907fc37696094274ac6851b99cb757a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 15 Jun 2022 18:11:27 GMT
server: nginx
x-page-optimize: uncached
etag: W/"273196423263391a574c7748cb88011c"
vary: Accept-Encoding
content-type: text/css;charset=utf-8
cache-control: max-age=31536000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
host-header: WordPress.com

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 42ms
18ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C&display=fallback&ver=3.8.2

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d823ab601ea73eabb843499a275d0e4cb498f43b028c63fc68d1d82860f03ac4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 20 Jun 2022 11:38:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 20 Jun 2022 11:38:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Jun 2022 11:38:35 GMT

GET
H2 200 front.min.css
blog.cyble.com/wp-content/plugins/cookie-notice/css/ 5 KB
1 KB 175ms
175ms Stylesheet
text/css 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=6.0

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d2c30641eed11d27cc45ab60849aaef8d0cef92b8c75b09648ffb764bd6017c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 01 Jun 2022 14:44:04 GMT
server: nginx
etag: W/"62977b34-14ce"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=315360000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 73 KB
2 KB 42ms
19ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bb3425fae4ff0eb48284ec0e207336d3066731e4ead39c2ba849fb04d32c1faf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 20 Jun 2022 11:14:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 20 Jun 2022 11:38:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Jun 2022 11:38:35 GMT

GET
H2 200 jquery.min.js Show response
blog.cyble.com/wp-includes/js/jquery/ 87 KB
31 KB 181ms
181ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
server: nginx
etag: W/"6048e0ac-15db1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
blog.cyble.com/_static/ 12 KB
5 KB 176ms
176ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/_static/??wp-includes/js/jquery/jquery-migrate.min.js,wp-content/plugins/wordpress-stats-manager-pro/js/custom_front_js.js?m=1654625465

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1190115dd7e6fbd896f8b541ad48a2dea9c4214cd240ffe2726d8e90d8eb9467

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 07 Jun 2022 18:11:05 GMT
server: nginx
x-page-optimize: uncached
etag: W/"8f96331e5aa3702e6257952997cd4d72"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
host-header: WordPress.com

GET
H2 200 front.min.js Show response
blog.cyble.com/wp-content/plugins/cookie-notice/js/ 8 KB
2 KB 174ms
174ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.3.0

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c38bc4d28cb6dd5263a68b3efa74cd5b746f9083484871c54f4cd437c828b40e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 01 Jun 2022 14:44:04 GMT
server: nginx
etag: W/"62977b34-20ec"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 videopress-token-bridge.js Show response
blog.cyble.com/wp-content/plugins/jetpack/modules/videopress/js/ 1 KB
565 B 174ms
174ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/jetpack/modules/videopress/js/videopress-token-bridge.js?m=1653408914

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

04369624b742fa4d3f0cac4dc669f2622913f8ce8b59d052e8daad59925235c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 24 May 2022 16:15:14 GMT
server: nginx
etag: W/"628d0492-4cc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
39 KB 46ms
20ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-201575643-1

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be3d6d34e57acb77b9cc356dbc40734bdaa35054ce974475d97e7b058a28b32f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39805
x-xss-protection: 0
last-modified: Mon, 20 Jun 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 20 Jun 2022 11:38:35 GMT

GET
H2 200 form.js Show response
koi-3qnocuxufa.marketingautomation.services/client/ 3 KB
2 KB 173ms
116ms Script
application/javascript 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://koi-3qnocuxufa.marketingautomation.services/client/form.js?ver=2.0.1
Requested by: Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: 14b63cf8d762d7118924d182b7f6bd9a45ca408b13dfeaca8da0735f26a70e85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:29:52 GMT
server: openresty
etag: W/"62ab3050-a49"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=2592000, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 20 Jul 2022 11:38:35 GMT

GET
H2 200 aib-injectable.js Show response
injection.amibreached.com/ 2 KB
2 KB 243ms
183ms Script
application/javascript 2606:4700:20::ac43:4768
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://injection.amibreached.com/aib-injectable.js

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

186cb05caa2a06748336b3123d7ac53986a650cffcab18f34e5c0ee3c057f591

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
via: 1.1 b0fb64973ef509b9c9508897337515c2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP64-C3
x-cache: Hit from cloudfront
content-encoding: br
vary: Accept-Encoding
last-modified: Mon, 23 May 2022 20:31:50 GMT
server: cloudflare
etag: W/"662ed2e07a2c9b151332e0a8da3b9922"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pu0MfSCYUhyEMpP5uiGtWKIaBeG28Bon0vrgN%2FPQexwZWRoVaAicsSGJwpTjSPVAdpZlQjCMknyai%2FWglZlKISCXZDqt1AkzpRdZHbzAip0b9bT29pC6m%2BDXwfe94k31JLyl7%2BINlCEi%2Fuf%2FWpEqPL62tIZwhVY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 71e43811af4883b8-MXP
x-amz-cf-id: go19o2T1XhdF6cduyuFpDvGncJww-V5XPUc5saJavHl0mACs17ylZw==

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 6 KB
2 KB 35ms
7ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202225
Requested by: Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9e038ad8d6f4e0982fc74aa17e251982a487d9e7326ab37ae739d146236593b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: br
server: nginx
etag: W/"6246db7c-16da"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dca
timing-allow-origin: *
expires: Tue, 20 Jun 2023 00:00:00 GMT

GET
H2 200 /
blog.cyble.com/_static/ 38 KB
8 KB 178ms
177ms Stylesheet
text/css 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/_static/??-eJyVjMsOgjAQRX/IMpEgYWP8llIupDp9pNNJf9+a6IqVy3Mfp2XjUqyIlTLr4aMQGKFzKmRFUIXYr7T3kbENkgLIiVDBoWzLEHwcOl/aWfREzda9KKRNGULOlqQCJmk+o5hV48b4+/0tzC/4CB7hfp1v0zLO4zK9AS3gUD4=

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7ee11e6757fa0709d424832d70aa161ddc5ecf2e943e259efc79a7197b7f69c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Jun 2022 01:58:04 GMT
server: nginx
x-page-optimize: uncached
etag: W/"5925ff7f3a1b87ff5fb8f2e4338bfa24"
vary: Accept-Encoding
content-type: text/css;charset=utf-8
cache-control: max-age=31536000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
host-header: WordPress.com

GET
H2 200 / Show response
blog.cyble.com/_static/ 200 KB
53 KB 188ms
187ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/_static/??-eJytUltywjAMvFCNoSWBfHR6FMaxlWDwq7ZMmp6+ShooMzyGdvoTx7J2pZW2C0w7abKCxHeJS28tOGQRgulnVrvZLj11gUnvkOIct2ApUySMgr4JcIRRom40KN7EMVFdgQaTW+0oHTAIuecbqsvrrI3iYevRu+m4As3BeKGmskwoRcln/6x8rtaNWpZytaqKZ7ZeLIvlvKoebwA7jQiRobZgtIMH2p/OzYHU+shFRm8FopbHF2bEZ8+0FS0NTOmEXBNTTCBRU8++ThAPEP+/zFngBvkWhCK1jfeDaDAw7JzYh4HQNk9LvI4+5bMQ/dEERtc8WRGRnjK1/54h9rOfyO8MIUX0OYE5iTwGzmjObfutdjAJ3LPe1c4J3kE9VqHoLGY3uOARlkuGP6KPA2fWq2wg3VA5bncyQoQWHEQxiLksegtFT8GbvtHG3GmxzXStIbbTNrbe72nGTsHHhHqzr4uyKF4WZbmafwGukp4c

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ce02b7050556bd6ede875d8a1b9417a25b48399804667974470364ed7dbccb49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 15 Jun 2022 18:11:10 GMT
server: nginx
x-page-optimize: uncached
etag: W/"52a9e2d408321ff65e956448181316b2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
host-header: WordPress.com

GET
H2 200 index.min.js Show response
blog.cyble.com/wp-content/plugins/gutenberg/build/i18n/ 10 KB
4 KB 174ms
173ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=3d2aeabd3f84698c0e2c

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

81ca0d70f50ab00f0c1e0933c11bf7bb6aada2366994784564f4d324dfd7a60c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 02 Mar 2022 21:18:28 GMT
server: nginx
etag: W/"621fdf24-26bc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/ 21 KB
6 KB 331ms
330ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.2

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a2cebfe3738dbd10570bcfea24eb240323f7f03312fce23f999ecbc9fb3cc6cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 15 Jun 2022 18:11:10 GMT
server: nginx
etag: W/"62aa20be-52d7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
blog.cyble.com/_static/ 32 KB
10 KB 177ms
176ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/_static/??wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js,wp-includes/js/jquery/ui/core.min.js?m=1654826284

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

aa12248b53916120c88866586b72b0f8096514eaae98107cd87f796b568dd59b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Jun 2022 01:58:04 GMT
server: nginx
x-page-optimize: uncached
etag: W/"50aa2df632a26ec1b84130cc9f645528"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
host-header: WordPress.com

GET
H2 200 frontend.min.js Show response
blog.cyble.com/wp-content/plugins/elementor/assets/js/ 37 KB
11 KB 174ms
174ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.6

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a1d57439b7cbb156c806a42b54429bac881c3f9f34c717e5085862b0fa56c972

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Jun 2022 01:58:04 GMT
server: nginx
etag: W/"62a2a52c-936d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 elements-handlers.min.js Show response
blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
6 KB 174ms
173ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.7.2

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8321348efb44c9dd41d6eab7b2f4aa703fb7a60ae7092a46c2daf86230ef57f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 15 Jun 2022 18:11:10 GMT
server: nginx
etag: W/"62aa20be-5f3e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202225.js Show response
stats.wp.com/ 9 KB
3 KB 37ms
7ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202225.js
Requested by: Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 11 Jun 2023 21:41:47 GMT

GET
H2 200 wsm_new.js Show response
blog.cyble.com/wp-content/plugins/wordpress-stats-manager-pro/js/ 23 KB
9 KB 178ms
177ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/wordpress-stats-manager-pro/js/wsm_new.js?v=1.1

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7883c3cfb3f71df2ec3c0574dd83d0b6849a12248b6b9142ea99752636310a47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 07 Jun 2022 18:11:05 GMT
server: nginx
etag: W/"629f94b9-5d2e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v29/ 44 KB
44 KB 29ms
6ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 12:16:38 GMT
x-content-type-options: nosniff
age: 602517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44800
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Jun 2023 12:16:38 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 fa-solid-900.woff2
blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 76 KB
77 KB 192ms
192ms Font
application/font-woff2 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/_static/??-eJylVFGSgyAMvdBStK3WfuzsWRCipUVgCI7j7Tdau2un1R1nf5SEl5fkEeg8k85GsJHHCzSAXGAMgr4IEblE5I22utKgeBVGpNqRZ0c7H91vsDdtrS3yuiWzhFDzstVG8dI4eWNGl0GEnmPsDSyFGtG7NrI6aPUM1FaaVlFpVyoGlBZgqFKKnBuewiEwA7WQ/bzCxWjam9trXXUuKB8AkWEUEVkjrKgpmw9ulGi1rwsIRdjKuUi/KZsLc4kXIEuMLxykLwdNsDvdzz4bfWudvS1n7aBbb5xQ88AhwjuMLDslxZ95Rs3+n+u8T9OtgtMk8E6rmlKzp9QLPFeIXsgbb5xqDQwq32DhrB+VjpeHCaWcna9Zvj8XlTrmQu7LU8FIqGN+zpINDReHc7YFfkwOW+B58sK+JMMkIUcntTD3EXsyNo1tRSAmOkDXwH0gyDHZmwb3LRk9O1ZtuwBvedAZvfruPUQawNN6gH41n2meZYc0z4vTN0mWDWs=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.cyble.com/_static/??-eJylVFGSgyAMvdBStK3WfuzsWRCipUVgCI7j7Tdau2un1R1nf5SEl5fkEeg8k85GsJHHCzSAXGAMgr4IEblE5I22utKgeBVGpNqRZ0c7H91vsDdtrS3yuiWzhFDzstVG8dI4eWNGl0GEnmPsDSyFGtG7NrI6aPUM1FaaVlFpVyoGlBZgqFKKnBuewiEwA7WQ/bzCxWjam9trXXUuKB8AkWEUEVkjrKgpmw9ulGi1rwsIRdjKuUi/KZsLc4kXIEuMLxykLwdNsDvdzz4bfWudvS1n7aBbb5xQ88AhwjuMLDslxZ95Rs3+n+u8T9OtgtMk8E6rmlKzp9QLPFeIXsgbb5xqDQwq32DhrB+VjpeHCaWcna9Zvj8XlTrmQu7LU8FIqGN+zpINDReHc7YFfkwOW+B58sK+JMMkIUcntTD3EXsyNo1tRSAmOkDXwH0gyDHZmwb3LRk9O1ZtuwBvedAZvfruPUQawNN6gH41n2meZYc0z4vTN0mWDWs=
Origin: https://blog.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Fri, 10 Jun 2022 01:58:04 GMT
server: nginx
etag: "62a2a52c-13174"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 78196
expires: Mon, 27 Jun 2022 11:38:35 GMT

GET
H3

200

M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA Show response
app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/ Frame 68B8
Redirect Chain

https://app-3qnocuxufa.marketingautomation.services/prospector/form/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s

41 KB
41 KB

126ms
126ms

Document
text/html

130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Requested by: Host: koi-3qnocuxufa.marketingautomation.services
URL: https://koi-3qnocuxufa.marketingautomation.services/client/form.js?ver=2.0.1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: nginx/1.21.4 /
Resource Hash: a11fc3a5a17cfadaafc492fb2588b67efc080706c4c329065bd57025b5864f2c

Request headers

Referer: https://blog.cyble.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache
content-length: 41499
content-type: text/html
date: Mon, 20 Jun 2022 11:38:35 GMT
etag: "7c98109f5c595d95213052726bdb3d34"
expires: Tue, 20 Jun 2023 11:38:35 GMT
last-modified: Wed, 29 Dec 2021 21:49:38 GMT
server: nginx/1.21.4
via: 1.1 google
x-goog-generation: 1640814578659182
x-goog-hash: crc32c=aw6uzw== md5=fJgQn1xZXZUhMFJya9s9NA==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 41499
x-guploader-uploadid: ADPycduACh_gjC5gJC1diQcvQwVJqNpzX0ym3RMZn4MFcsjBQ3f6vuqnq_iaLKytqXFvBG9HxayxX2mnQ16ZjLyGZQapF4QkHjSc

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8
date: Mon, 20 Jun 2022 11:38:35 GMT
location: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
pod-hostname: koi-5fd6b7cc8d-t8zg7
server: openresty
via: 1.1 google
x-clacks-overhead: GNU Terry Pratchett
x-xss-protection: 1; mode=block

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v29/ 47 KB
47 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c0b68ea789d4bc6705f42dd6c44eb38306b965df01f9409eb4a941370e3b158

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:35:09 GMT
x-content-type-options: nosniff
age: 3806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47924
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 10:35:09 GMT

GET
H2 200 fa-brands-400.woff2
blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 75 KB
75 KB 221ms
221ms Font
application/font-woff2 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.cyble.com/_static/??-eJylVFGSgyAMvdBStK3WfuzsWRCipUVgCI7j7Tdau2un1R1nf5SEl5fkEeg8k85GsJHHCzSAXGAMgr4IEblE5I22utKgeBVGpNqRZ0c7H91vsDdtrS3yuiWzhFDzstVG8dI4eWNGl0GEnmPsDSyFGtG7NrI6aPUM1FaaVlFpVyoGlBZgqFKKnBuewiEwA7WQ/bzCxWjam9trXXUuKB8AkWEUEVkjrKgpmw9ulGi1rwsIRdjKuUi/KZsLc4kXIEuMLxykLwdNsDvdzz4bfWudvS1n7aBbb5xQ88AhwjuMLDslxZ95Rs3+n+u8T9OtgtMk8E6rmlKzp9QLPFeIXsgbb5xqDQwq32DhrB+VjpeHCaWcna9Zvj8XlTrmQu7LU8FIqGN+zpINDReHc7YFfkwOW+B58sK+JMMkIUcntTD3EXsyNo1tRSAmOkDXwH0gyDHZmwb3LRk9O1ZtuwBvedAZvfruPUQawNN6gH41n2meZYc0z4vTN0mWDWs=
Origin: https://blog.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Fri, 10 Jun 2022 01:58:04 GMT
server: nginx
etag: "62a2a52c-12bdc"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 76764
expires: Mon, 27 Jun 2022 11:38:35 GMT

GET
H3 200 ss.js Show response
koi-3qnocuxufa.marketingautomation.services/client/ 12 KB
5 KB 126ms
111ms Script
application/javascript 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://koi-3qnocuxufa.marketingautomation.services/client/ss.js?ver=2.4.0
Requested by: Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: 926f767fec2a5ed3a610735fde7861c24c9c15fa136d9a85d111c2b9ec4a0fa0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:29:52 GMT
server: openresty
etag: W/"62ab3050-2fc8"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=604800, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 27 Jun 2022 11:38:35 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 81ms
13ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.cyble.com
URL: https://blog.cyble.com/_static/??-eJytUltywjAMvFCNoSWBfHR6FMaxlWDwq7ZMmp6+ShooMzyGdvoTx7J2pZW2C0w7abKCxHeJS28tOGQRgulnVrvZLj11gUnvkOIct2ApUySMgr4JcIRRom40KN7EMVFdgQaTW+0oHTAIuecbqsvrrI3iYevRu+m4As3BeKGmskwoRcln/6x8rtaNWpZytaqKZ7ZeLIvlvKoebwA7jQiRobZgtIMH2p/OzYHU+shFRm8FopbHF2bEZ8+0FS0NTOmEXBNTTCBRU8++ThAPEP+/zFngBvkWhCK1jfeDaDAw7JzYh4HQNk9LvI4+5bMQ/dEERtc8WRGRnjK1/54h9rOfyO8MIUX0OYE5iTwGzmjObfutdjAJ3LPe1c4J3kE9VqHoLGY3uOARlkuGP6KPA2fWq2wg3VA5bncyQoQWHEQxiLksegtFT8GbvtHG3GmxzXStIbbTNrbe72nGTsHHhHqzr4uyKF4WZbmafwGukp4c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BA4) /
Resource Hash: dccafac57a7fcedce0d95d35007b502104f45b82f43f052159c370258ef13a53

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Mon, 20 Jun 2022 11:38:35 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 169
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: "x-cache;desc= HIT,x-tw-cdn;desc=",edge;dur=1
Content-Length: 29459
x-tw-cdn: VZ
Last-Modified: Thu, 02 Jun 2022 18:12:37 GMT
Server: ECS (amb/6BA4)
Etag: "5d21dece96ce474f5f1ac122cbdef6eb+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 15ms
9ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A11.1-a.3&blog=176605947&post=4144&tz=-4&srv=blog.cyble.com&hp=atomic&ac=2&amp=0&host=blog.cyble.com&ref=&fcp=1668&rand=0.13840993374528687
Requested by: Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 20 Jun 2022 11:38:35 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-201575643-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 2968
date: Mon, 20 Jun 2022 10:49:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 20 Jun 2022 12:49:07 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 161 KB
60 KB 36ms
21ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-201575643-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0a50cb3cb6d664943b4e08ff9ba8851ff31be01f824467ab7bdab9b45a423f0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61358
x-xss-protection: 0
expires: Mon, 20 Jun 2022 11:38:35 GMT

GET
H2 200 /
blog.cyble.com/ 0
52 B 646ms
646ms Image
text/html 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.cyble.com/?wmcAction=wmcTrack&action_name=Ngrok%20Platform%20Abused%20by%20Hackers%20to%20Deliver%20a%20New%20Wave%20of%20Phishing%20Attacks%20%E2%80%94%20Cyble&siteId=1&rec=1&rand=337739&h=11&m=38&s=35&url=https%3A%2F%2Fblog.cyble.com%2F2021%2F02%2F15%2Fngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks%2F&uid=0&pid=4144&visitorId=7c7b191719ea3f8e&fvts=1655725116&vc=1&idn=0&refts=0&lvts=1655725116&fullRef=&send_image=1&pdf=1&qt=0&rp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gtms=1271&pvId=nFsmzb&browser=Chrome_102&os=Windows_10&device=Desktop

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

cf-edge-cache: cache,platform=wordpress
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security: max-age=31536000
content-encoding: br
server: nginx
date: Mon, 20 Jun 2022 11:38:36 GMT
vary: Accept-Encoding, Cookie
content-type: text/html; charset=utf-8
x-ac: 2.hhn _atomic_ams
host-header: WordPress.com

GET
H2 200 nav-menu.3de49ba5ef86f9a22ff5.bundle.min.js Show response
blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/ 3 KB
1 KB 173ms
172ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.3de49ba5ef86f9a22ff5.bundle.min.js

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/_static/??-eJytUltywjAMvFCNoSWBfHR6FMaxlWDwq7ZMmp6+ShooMzyGdvoTx7J2pZW2C0w7abKCxHeJS28tOGQRgulnVrvZLj11gUnvkOIct2ApUySMgr4JcIRRom40KN7EMVFdgQaTW+0oHTAIuecbqsvrrI3iYevRu+m4As3BeKGmskwoRcln/6x8rtaNWpZytaqKZ7ZeLIvlvKoebwA7jQiRobZgtIMH2p/OzYHU+shFRm8FopbHF2bEZ8+0FS0NTOmEXBNTTCBRU8++ThAPEP+/zFngBvkWhCK1jfeDaDAw7JzYh4HQNk9LvI4+5bMQ/dEERtc8WRGRnjK1/54h9rOfyO8MIUX0OYE5iTwGzmjObfutdjAJ3LPe1c4J3kE9VqHoLGY3uOARlkuGP6KPA2fWq2wg3VA5bncyQoQWHEQxiLksegtFT8GbvtHG3GmxzXStIbbTNrbe72nGTsHHhHqzr4uyKF4WZbmafwGukp4c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

49e0f7e4312a7fad805dbcc9a52f704614d7aa6fff8c0040fb7f8b8736ff49da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 15 Jun 2022 18:11:10 GMT
server: nginx
etag: W/"62aa20be-ce9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Mon, 27 Jun 2022 11:38:35 GMT

GET
H2 200 share-buttons.0bdd88c45462dfb2b073.bundle.min.js Show response
blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/ 1 KB
628 B 173ms
173ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/share-buttons.0bdd88c45462dfb2b073.bundle.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ef722c2006b8496cc98db9bbfb5812d9ae7c54700a42917de4b9bf3ffbd2a246

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 15 Jun 2022 18:11:10 GMT
server: nginx
etag: W/"62aa20be-4bc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Mon, 27 Jun 2022 11:38:35 GMT

GET
H2 200 load-more.80eb3caec79a44347d74.bundle.min.js Show response
blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/ 4 KB
1 KB 172ms
172ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/load-more.80eb3caec79a44347d74.bundle.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

77b37711fde49c1d172d6611d6406f105596e4b1d399cf64576adaca516fd23c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 15 Jun 2022 18:11:10 GMT
server: nginx
etag: W/"62aa20be-10f8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Mon, 27 Jun 2022 11:38:35 GMT

GET
H2 200 posts.c35de42fde52aa1dbfe2.bundle.min.js Show response
blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/ 3 KB
1 KB 173ms
172ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/elementor-pro/assets/js/posts.c35de42fde52aa1dbfe2.bundle.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

621916fdae4617775c63ad15b1177ef48debefead33fc3aa14b645d543066bc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 15 Jun 2022 18:11:10 GMT
server: nginx
etag: W/"62aa20be-c74"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Mon, 27 Jun 2022 11:38:35 GMT

GET
H2 200 text-editor.289ae80d76f0c5abea44.bundle.min.js Show response
blog.cyble.com/wp-content/plugins/elementor/assets/js/ 1 KB
698 B 173ms
173ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/elementor/assets/js/text-editor.289ae80d76f0c5abea44.bundle.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0ca81e784363b653695d694ec3276de2ad4d2fe79ab3d27da6b31d965001f16d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Jun 2022 01:58:04 GMT
server: nginx
etag: W/"62a2a52c-54b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Mon, 20 Jun 2022 11:38:35 GMT
x-ac: 2.hhn _atomic_ams
expires: Mon, 27 Jun 2022 11:38:35 GMT

GET
H2 200 Cyble-Black-Logo.png
i0.wp.com/blog.cyble.com/wp-content/uploads/2021/11/ 3 KB
4 KB 141ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.cyble.com/wp-content/uploads/2021/11/Cyble-Black-Logo.png?resize=300%2C83&ssl=1

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

4c22a3151b18f77d096ebf6bc1379f1730a83aa14994ba5f4aec4c61659f2f8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 20 Jun 2022 11:38:35 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Mar 2022 05:20:19 GMT
server: nginx
etag: "955ad50d3be7e72d"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.cyble.com/wp-content/uploads/2021/11/Cyble-Black-Logo.png>; rel="canonical"
content-length: 3566
expires: Sat, 23 Mar 2024 17:20:19 GMT

GET
H2 200 image-71.png
i0.wp.com/blog.cyble.com/wp-content/uploads/2021/02/ 18 KB
18 KB 141ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.cyble.com/wp-content/uploads/2021/02/image-71.png?w=601&ssl=1

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

64f244f917c97d234978b485533961c55c0e97a7a478fc51317d4e64e255d8ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 20 Jun 2022 11:38:35 GMT
x-content-type-options: nosniff
last-modified: Fri, 03 Jun 2022 15:12:03 GMT
server: nginx
etag: "548f9be849ba9d2a"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.cyble.com/wp-content/uploads/2021/02/image-71.png>; rel="canonical"
content-length: 18522
expires: Mon, 03 Jun 2024 03:12:03 GMT

GET
H2 200 image-74.png
i0.wp.com/blog.cyble.com/wp-content/uploads/2021/02/ 37 KB
38 KB 148ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.cyble.com/wp-content/uploads/2021/02/image-74.png?resize=1024%2C443&ssl=1

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

86eb7835899c13e4d9af26149422ba288f61cbb5e9ca1e1190d1c6e8d9373f2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 20 Jun 2022 11:38:35 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Mar 2022 13:20:16 GMT
server: nginx
etag: "1435973c7edeef24"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.cyble.com/wp-content/uploads/2021/02/image-74.png>; rel="canonical"
content-length: 38206
expires: Sun, 24 Mar 2024 01:20:16 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 30ms
15ms XHR
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1704153171&t=pageview&_s=1&dl=https%3A%2F%2Fblog.cyble.com%2F2021%2F02%2F15%2Fngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks%2F&ul=en-us&de=UTF-8&dt=Ngrok%20Platform%20Abused%20by%20Hackers%20to%20Deliver%20a%20New%20Wave%20of%20Phishing%20Attacks%20%E2%80%94%20Cyble&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACUABBAAAAC~&jid=1436017183&gjid=92923499&cid=2140075417.1655725116&tid=UA-201575643-1&_gid=868412643.1655725116&_r=1&gtm=2ou6f0&did=dZTNiMT&gdid=dZTNiMT&z=105016035

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.cyble.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 11:38:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK widget_iframe.d7fc2fc075c61f6fa34d79a0cbbf1e34.html Show response
platform.twitter.com/widgets/ Frame 412A 319 KB
104 KB 12ms
12ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.d7fc2fc075c61f6fa34d79a0cbbf1e34.html?origin=https%3A%2F%2Fblog.cyble.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B9D) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Referer: https://blog.cyble.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1188610
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105433
Content-Type: text/html; charset=utf-8
Date: Mon, 20 Jun 2022 11:38:35 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Thu, 02 Jun 2022 18:01:40 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6B9D)
Server-Timing: "x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

POST
H2 204 collect
region1.google-analytics.com/g/ 0
337 B 75ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-4FJGSRPM4S&gtm=2oe6f0&_p=1704153171&_z=ccd.v9B&gdid=dZTNiMT&cid=2140075417.1655725116&ul=en-us&sr=1600x1200&_s=1&sid=1655725115&sct=1&seg=0&dl=https%3A%2F%2Fblog.cyble.com%2F2021%2F02%2F15%2Fngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks%2F&dt=Ngrok%20Platform%20Abused%20by%20Hackers%20to%20Deliver%20a%20New%20Wave%20of%20Phishing%20Attacks%20%E2%80%94%20Cyble&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 11:38:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 koi Show response
koi-3qnocuxufa.marketingautomation.services/ 147 B
175 B 211ms
211ms Script
application/javascript 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://koi-3qnocuxufa.marketingautomation.services/koi?rf=&hn=blog.cyble.com&lg=en-US&sr=1600x1200&cd=24&vr=2.4.0&se=1655725115697&ac=KOI-4JTSOSSFQA&ts=1655725116&pt=0&pl=0&loc=https%3A%2F%2Fblog.cyble.com%2F2021%2F02%2F15%2Fngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks%2F&tp=page&ti=Ngrok%20Platform%20Abused%20by%20Hackers%20to%20Deliver%20a%20New%20Wave%20of%20Phishing%20Attacks%20%E2%80%94%20Cyble

Requested by

Host: koi-3qnocuxufa.marketingautomation.services
URL: https://koi-3qnocuxufa.marketingautomation.services/client/ss.js?ver=2.4.0

Protocol

Security

QUIC, , AES_128_GCM

Server

130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

179.21.211.130.bc.googleusercontent.com

Software

openresty /

Resource Hash

46c174075b10b420c63a3164d75757687e9ef59cac59ba2acfa94cae1533ab6b

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
x-clacks-overhead: GNU Terry Pratchett
last-modified: Mon, 20 Jun 2022 11:38:35 GMT
server: openresty
vary: Accept-Encoding
p3p: CP='This is not a P3P policy! See https://sharpspring.com/legal/privacy/ for more info.'
via: 1.1 google
cache-control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
pod-hostname: koi-5fd6b7cc8d-x7thb
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 200 formbasics.css
app-3qnocuxufa.marketingautomation.services/includes/css/ Frame 68B8 7 KB
2 KB 110ms
108ms Stylesheet
text/css 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/includes/css/formbasics.css
Requested by: Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: 2c42851f49a6eb6a0eb3fba8f344f473909f15998d33c94323e13c9cf90cb7ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:28:12 GMT
server: openresty
etag: W/"62ab2fec-1c3d"
vary: Accept-Encoding
content-type: text/css
via: 1.1 google
pod-hostname: app-59df9dc567-xzg4f
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 jquery-ui.min.css
app-3qnocuxufa.marketingautomation.services/includes/css/jquery/ Frame 68B8 31 KB
9 KB 114ms
109ms Stylesheet
text/css 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/includes/css/jquery/jquery-ui.min.css
Requested by: Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: a1756adc350c37ea26d71ee00ad027bbf35204bff9fb040ecfb5c1a64971cffc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:25:51 GMT
server: openresty
etag: W/"62ab2f5f-7d0a"
vary: Accept-Encoding
content-type: text/css
via: 1.1 google
pod-hostname: app-59df9dc567-xzg4f
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 base.css
app-3qnocuxufa.marketingautomation.services/includes/css/jquery/datepicker/ Frame 68B8 4 KB
1 KB 115ms
109ms Stylesheet
text/css 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/includes/css/jquery/datepicker/base.css
Requested by: Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: 1a47e85dd8ec320d900f14082243d3af1051e6cb4e7fb8ba8807c6b903530e8a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:25:51 GMT
server: openresty
etag: W/"62ab2f5f-f70"
vary: Accept-Encoding
content-type: text/css
via: 1.1 google
pod-hostname: app-59df9dc567-xt7xf
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 datetimepicker.css
app-3qnocuxufa.marketingautomation.services/includes/css/ Frame 68B8 9 KB
3 KB 142ms
137ms Stylesheet
text/css 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/includes/css/datetimepicker.css
Requested by: Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: 7379f6d1c8b7eb53ba56a08e3e5f690f4a79ca5a9a940f0b74769cb04d464d98

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:28:12 GMT
server: openresty
etag: W/"62ab2fec-237e"
vary: Accept-Encoding
content-type: text/css
via: 1.1 google
pod-hostname: app-59df9dc567-xzg4f
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 jquery-1.7.2.min.js Show response
app-3qnocuxufa.marketingautomation.services/includes/js/core/ Frame 68B8 92 KB
38 KB 129ms
124ms Script
application/javascript 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/includes/js/core/jquery-1.7.2.min.js?ver=5.75-35
Requested by: Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: 103631f0296614d362e698668390c9c69484dec4579a12380cd0d8a7f197fa70

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:29:43 GMT
server: openresty
etag: W/"62ab3047-16fa7"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=2592000, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 20 Jul 2022 11:38:35 GMT

GET
H3 200 jquery.validate.min.js Show response
app-3qnocuxufa.marketingautomation.services/includes/js/core/ Frame 68B8 24 KB
9 KB 116ms
111ms Script
application/javascript 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/includes/js/core/jquery.validate.min.js?ver=5.75-35
Requested by: Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: 3218b4125f473cd8e081f2d6f892e7e7dca85df9d4486a1e0d783f1f66b2731a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:29:49 GMT
server: openresty
etag: W/"62ab304d-5e52"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=2592000, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 20 Jul 2022 11:38:35 GMT

GET
H3 200 additional-methods.min.js Show response
app-3qnocuxufa.marketingautomation.services/includes/js/core/ Frame 68B8 17 KB
5 KB 142ms
138ms Script
application/javascript 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/includes/js/core/additional-methods.min.js?ver=5.75-35
Requested by: Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: 1e6f4e1fb3197d60d5c7f8f7f738deeff94b513f07e0ad5ca7c4ea85479eb4a0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:29:32 GMT
server: openresty
etag: W/"62ab303c-4230"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=2592000, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 20 Jul 2022 11:38:35 GMT

GET
H3 200 jquery.form.js Show response
app-3qnocuxufa.marketingautomation.services/includes/js/core/ Frame 68B8 13 KB
5 KB 117ms
112ms Script
application/javascript 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/includes/js/core/jquery.form.js?ver=5.75-35
Requested by: Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: 2537571109b8e5379ecc8b4c6e60449bf440b6f38e7bc5396e0189eb0512e691

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:29:43 GMT
server: openresty
etag: W/"62ab3047-3248"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=2592000, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 20 Jul 2022 11:38:35 GMT

GET
H3 200 jquery-ui.min.js Show response
app-3qnocuxufa.marketingautomation.services/includes/js/core/jquery-ui-1.12.1/ Frame 68B8 248 KB
82 KB 115ms
113ms Script
application/javascript 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/includes/js/core/jquery-ui-1.12.1/jquery-ui.min.js?ver=5.75-35
Requested by: Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: 28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:25:51 GMT
server: openresty
etag: W/"62ab2f5f-3dee5"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=2592000, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 20 Jul 2022 11:38:35 GMT

GET
H3 200 datetimepicker.js Show response
app-3qnocuxufa.marketingautomation.services/includes/js/core/ Frame 68B8 37 KB
13 KB 212ms
210ms Script
application/javascript 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/includes/js/core/datetimepicker.js?ver=5.75-35
Requested by: Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: f00d09a3fe4fe39964b804f3c07eea15672c2586a184e1efba084eef721fbad9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:29:39 GMT
server: openresty
etag: W/"62ab3043-94d3"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=2592000, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 20 Jul 2022 11:38:35 GMT

GET
H3 200 jquery.placeholder.js Show response
app-3qnocuxufa.marketingautomation.services/includes/js/core/ Frame 68B8 2 KB
867 B 206ms
204ms Script
application/javascript 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/includes/js/core/jquery.placeholder.js?ver=5.75-35
Requested by: Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: ccc2bd16fa09fd02a0a51c4801453ae3b0baffe5b05ae4b18a9c9b00924239c0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:29:45 GMT
server: openresty
etag: W/"62ab3049-7e4"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=2592000, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 20 Jul 2022 11:38:35 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ Frame 68B8 850 B
965 B 41ms
16ms Script
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bb619ed51448a1da3305a765bd0f03477bca62295de9603b7c4f707f86b48101

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 552
x-xss-protection: 1; mode=block
expires: Mon, 20 Jun 2022 11:38:35 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
438 B 61ms
21ms XHR
text/plain 2a00:1450:400c:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-201575643-1&cid=2140075417.1655725116&jid=1436017183&gjid=92923499&_gid=868412643.1655725116&_u=YGBACUAABAAAAC~&z=372894604

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.cyble.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 20 Jun 2022 11:38:35 GMT
content-type: text/plain
access-control-allow-origin: https://blog.cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 eicons.woff2
blog.cyble.com/wp-content/plugins/elementor/assets/lib/eicons/fonts/ 90 KB
90 KB 267ms
266ms Font
application/font-woff2 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.15.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1525cd3ea05d1c00e4b385e781749c3bac5c01570b5800198bec0a252bb6c715

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.cyble.com/_static/??-eJylVFGSgyAMvdBStK3WfuzsWRCipUVgCI7j7Tdau2un1R1nf5SEl5fkEeg8k85GsJHHCzSAXGAMgr4IEblE5I22utKgeBVGpNqRZ0c7H91vsDdtrS3yuiWzhFDzstVG8dI4eWNGl0GEnmPsDSyFGtG7NrI6aPUM1FaaVlFpVyoGlBZgqFKKnBuewiEwA7WQ/bzCxWjam9trXXUuKB8AkWEUEVkjrKgpmw9ulGi1rwsIRdjKuUi/KZsLc4kXIEuMLxykLwdNsDvdzz4bfWudvS1n7aBbb5xQ88AhwjuMLDslxZ95Rs3+n+u8T9OtgtMk8E6rmlKzp9QLPFeIXsgbb5xqDQwq32DhrB+VjpeHCaWcna9Zvj8XlTrmQu7LU8FIqGN+zpINDReHc7YFfkwOW+B58sK+JMMkIUcntTD3EXsyNo1tRSAmOkDXwH0gyDHZmwb3LRk9O1ZtuwBvedAZvfruPUQawNN6gH41n2meZYc0z4vTN0mWDWs=
Origin: https://blog.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:36 GMT
x-ac: 2.hhn _atomic_ams
last-modified: Fri, 10 Jun 2022 01:58:04 GMT
server: nginx
etag: "62a2a52c-1691c"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 92444
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 share-link.min.js Show response
blog.cyble.com/wp-content/plugins/elementor/assets/lib/share-link/ 3 KB
1 KB 177ms
177ms Script
application/javascript 192.0.78.183
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.cyble.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.6.6

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.183 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4a7ee62eb33f3bbb66c2151e5cac6bf4904e28302efc36128f3e3ccae6fde580

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 Jun 2022 01:58:04 GMT
server: nginx
etag: W/"62a2a52c-a12"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
date: Mon, 20 Jun 2022 11:38:36 GMT
x-ac: 2.hhn _atomic_ams
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 412A 331 B
475 B 194ms
166ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=5a0fb3b3ed6556a0901ce97c9c872208b66a8d07

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.d7fc2fc075c61f6fa34d79a0cbbf1e34.html?origin=https%3A%2F%2Fblog.cyble.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

f83df770a7c9763424b29bfe7462c8f8e807d18dc0b4570f4ada501240007fda

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-response-time: 111
date: Mon, 20 Jun 2022 11:38:35 GMT
content-encoding: gzip
last-modified: Mon, 20 Jun 2022 11:38:36 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 00d04f73ffd0933531d752e58dcf412b9643abe9da83551dfcea7b187b3b316c
content-length: 193

GET
H2 200 Cyble-Blog-Cereber2021-Ransomware.png
i0.wp.com/blog.cyble.com/wp-content/uploads/2022/06/ 31 KB
32 KB 9ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.cyble.com/wp-content/uploads/2022/06/Cyble-Blog-Cereber2021-Ransomware.png?fit=300%2C225&ssl=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

27043b4e8ded47e9ad3d0259922cca6ce494b74b8bb5852eb08e4c8f5b0847ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 20 Jun 2022 11:38:35 GMT
x-content-type-options: nosniff
last-modified: Fri, 17 Jun 2022 10:13:12 GMT
server: nginx
etag: "fef7fcaaa9e2d598"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.cyble.com/wp-content/uploads/2022/06/Cyble-Blog-Cereber2021-Ransomware.png>; rel="canonical"
content-length: 32126
expires: Sun, 16 Jun 2024 22:13:12 GMT

GET
H2 200 Cyble-Misconfigured-Network-Monitoring-Tool-Analysis.png
i0.wp.com/blog.cyble.com/wp-content/uploads/2022/06/ 32 KB
33 KB 12ms
9ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.cyble.com/wp-content/uploads/2022/06/Cyble-Misconfigured-Network-Monitoring-Tool-Analysis.png?fit=300%2C225&ssl=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

30c7d4f5a0e44341ba8c3838925ef3572a59de6f1d54272b44bdbd5574b47bd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 20 Jun 2022 11:38:35 GMT
x-content-type-options: nosniff
last-modified: Thu, 16 Jun 2022 12:31:20 GMT
server: nginx
etag: "95a687b6705087d7"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.cyble.com/wp-content/uploads/2022/06/Cyble-Misconfigured-Network-Monitoring-Tool-Analysis.png>; rel="canonical"
content-length: 33238
expires: Sun, 16 Jun 2024 00:31:20 GMT

GET
H2 200 Cyble-Hydra-Android-Malware-Banking-Trojan.png
i0.wp.com/blog.cyble.com/wp-content/uploads/2022/06/ 32 KB
32 KB 16ms
14ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.cyble.com/wp-content/uploads/2022/06/Cyble-Hydra-Android-Malware-Banking-Trojan.png?fit=300%2C225&ssl=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

4979c129325e064cc7f3b5326ea93c927edf47aa801d07fb531050b1459870f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 20 Jun 2022 11:38:35 GMT
x-content-type-options: nosniff
last-modified: Mon, 13 Jun 2022 11:40:49 GMT
server: nginx
etag: "13a4fc5d49b13181"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.cyble.com/wp-content/uploads/2022/06/Cyble-Hydra-Android-Malware-Banking-Trojan.png>; rel="canonical"
content-length: 32592
expires: Wed, 12 Jun 2024 23:40:49 GMT

GET
H3 200 freeemailproviderlist.json Show response
app-3qnocuxufa.marketingautomation.services/includes/js/app/ Frame 68B8 75 KB
21 KB 112ms
111ms Fetch
application/json 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app-3qnocuxufa.marketingautomation.services/includes/js/app/freeemailproviderlist.json
Requested by: Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/forms-proxy/MzawMLEwNTI0BgA/M082tDA1NzPStTA2tNQ1MTRK1rVIsjTTNU00M0m1SDY2sjQwBQA?instance=hzl0s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: fa86c94c6881caec397b1a58f358561f9bd6ef1dba058efafe3fb8e9e8d5e326

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:36 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:25:51 GMT
server: openresty
etag: W/"62ab2f5f-12aa5"
vary: Accept-Encoding
content-type: application/json
via: 1.1 google
pod-hostname: app-59df9dc567-xzg4f
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 60ef1a936db9b8560600055a.js Show response
tag.perfectaudience.com/serve/ 12 KB
4 KB 44ms
13ms Script
text/javascript 151.101.2.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.perfectaudience.com/serve/60ef1a936db9b8560600055a.js

Requested by

Host: koi-3qnocuxufa.marketingautomation.services
URL: https://koi-3qnocuxufa.marketingautomation.services/client/ss.js?ver=2.4.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cowboy /

Resource Hash

b5c5ef71bd69f096d2e4a3101793df24319cb32b8e784aa5bd064bdb8bffd9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:36 GMT
via: 1.1 vegur, 1.1 varnish
x-content-type-options: nosniff
server: Cowboy
age: 1216
x-served-by: cache-hhn4023-HHN
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
content-encoding: gzip
cache-control: max-age=1800
accept-ranges: bytes
x-timer: S1655725116.053381,VS0,VE1
content-length: 3900
x-cache-hits: 1

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/ Frame 68B8 366 KB
145 KB 46ms
9ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1146849b14934539a02490c2934b135178838306e98e2a490a8aac3206f8036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://app-3qnocuxufa.marketingautomation.services
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:28:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148046
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 04:02:51 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 11:28:45 GMT

GET
H3 200 7c185762-8319-412c-8b96-5a64e8c32905 Show response
app-3qnocuxufa.marketingautomation.services/prospector/getFormData/MzawMLEwNTI0BgA/ Frame 68B8 2 KB
658 B 168ms
165ms XHR
application/json 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app-3qnocuxufa.marketingautomation.services/prospector/getFormData/MzawMLEwNTI0BgA/7c185762-8319-412c-8b96-5a64e8c32905?instance=hzl0s&rf__doc=https%3A%2F%2Fblog.cyble.com%2F

Requested by

Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/includes/js/core/jquery-1.7.2.min.js?ver=5.75-35

Protocol

Security

QUIC, , AES_128_GCM

Server

130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

179.21.211.130.bc.googleusercontent.com

Software

openresty /

Resource Hash

b8eca3473b82db5c8b967ba66672e04db8ca490c25ffd8b4c0084d40340bade6

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:36 GMT
content-encoding: gzip
x-clacks-overhead: GNU Terry Pratchett
server: openresty
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
via: 1.1 google
pod-hostname: koi-5fd6b7cc8d-6j8nx
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

tagjs Show response
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/tagjs?a_id=167159&source=js_tag
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=167159&source=js_tag

125 B
454 B

33ms
32ms

Script
text/javascript

52.211.210.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=167159&source=js_tag
Requested by: Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Protocol: HTTP/1.1
Server: 52.211.210.83 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-210-83.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ab68144a0276d0b93733262be94c5171aae189fc11b50c2fac1a37c7c56ef074

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 125
Content-Type: text/javascript

Redirect headers

Location: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=167159&source=js_tag
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 4D03 43 KB
22 KB 60ms
28ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LejtCsUAAAAACVGXaLz6W52O7rQkHl_obMS1ptT&co=aHR0cHM6Ly9hcHAtM3Fub2N1eHVmYS5tYXJrZXRpbmdhdXRvbWF0aW9uLnNlcnZpY2VzOjQ0Mw..&hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&size=invisible&badge=inline&cb=dk85c6xq5pbr

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

734086ea61c81ffdb848a85a28d3209c7d7c38467f3706ca7b66bf1f148b4aa0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce--uA4TlQQVt0KcB4u4A7jvg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22854
content-security-policy: script-src 'report-sample' 'nonce--uA4TlQQVt0KcB4u4A7jvg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 11:38:36 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/ Frame 4D03 51 KB
24 KB 25ms
9ms Stylesheet
text/css 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LejtCsUAAAAACVGXaLz6W52O7rQkHl_obMS1ptT&co=aHR0cHM6Ly9hcHAtM3Fub2N1eHVmYS5tYXJrZXRpbmdhdXRvbWF0aW9uLnNlcnZpY2VzOjQ0Mw..&hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&size=invisible&badge=inline&cb=dk85c6xq5pbr

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:23:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 04:02:51 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 11:23:49 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/ Frame 4D03 366 KB
145 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1146849b14934539a02490c2934b135178838306e98e2a490a8aac3206f8036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:28:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148046
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 04:02:51 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 11:28:45 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 4D03 102 B
132 B 21ms
20ms Other
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

36bc338d4454d68ba19d0b4ad84e5b9bd5cc04d8f1f97d0a6481a8044b76fa95

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LejtCsUAAAAACVGXaLz6W52O7rQkHl_obMS1ptT&co=aHR0cHM6Ly9hcHAtM3Fub2N1eHVmYS5tYXJrZXRpbmdhdXRvbWF0aW9uLnNlcnZpY2VzOjQ0Mw..&hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&size=invisible&badge=inline&cb=dk85c6xq5pbr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110
x-xss-protection: 1; mode=block
expires: Mon, 20 Jun 2022 11:38:36 GMT

GET
H3 200 7c185762-8319-412c-8b96-5a64e8c32905 Show response
app-3qnocuxufa.marketingautomation.services/prospector/getFormData/MzawMLEwNTI0BgA/ Frame 68B8 2 KB
658 B 182ms
181ms XHR
application/json 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app-3qnocuxufa.marketingautomation.services/prospector/getFormData/MzawMLEwNTI0BgA/7c185762-8319-412c-8b96-5a64e8c32905?instance=hzl0s&rf__doc=https%3A%2F%2Fblog.cyble.com%2F

Requested by

Host: app-3qnocuxufa.marketingautomation.services
URL: https://app-3qnocuxufa.marketingautomation.services/includes/js/core/jquery-1.7.2.min.js?ver=5.75-35

Protocol

Security

QUIC, , AES_128_GCM

Server

130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

179.21.211.130.bc.googleusercontent.com

Software

openresty /

Resource Hash

b8eca3473b82db5c8b967ba66672e04db8ca490c25ffd8b4c0084d40340bade6

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:36 GMT
content-encoding: gzip
x-clacks-overhead: GNU Terry Pratchett
server: openresty
access-control-allow-origin: *
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
via: 1.1 google
pod-hostname: koi-5fd6b7cc8d-ngnwh
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

/
pixel-geo.prfct.co/usermap/
Redirect Chain

https://secure.adnxs.com/getuid?https://pixel-geo.prfct.co/usermap/?xid=$UID&sid=202206|62b05c3b85c3aa13a57ded68&pid=pa_JziUiufJOSQEA440N
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fpixel-geo.prfct.co%2Fusermap%2F%3Fxid%3D%24UID%26sid%3D202206%7C62b05c3b85c3aa13a57ded68%26pid%3Dpa_JziUiufJOSQEA440N
https://pixel-geo.prfct.co/usermap/?xid=2268720871893001426&sid=202206|62b05c3b85c3aa13a57ded68&pid=pa_JziUiufJOSQEA440N

43 B
256 B

49ms
40ms

Image
image/gif

52.211.210.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/usermap/?xid=2268720871893001426&sid=202206|62b05c3b85c3aa13a57ded68&pid=pa_JziUiufJOSQEA440N
Requested by: Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Protocol: HTTP/1.1
Server: 52.211.210.83 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-210-83.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 43
Content-Type: image/gif

Redirect headers

Date: Mon, 20 Jun 2022 11:38:36 GMT
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.3; 217.64.151.3; 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 95f83edb-0453-4036-9893-3b46acae54fb
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
Location: https://pixel-geo.prfct.co/usermap/?xid=2268720871893001426&sid=202206|62b05c3b85c3aa13a57ded68&pid=pa_JziUiufJOSQEA440N
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Accept-CH: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Bitness
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

adsct
analytics.twitter.com/i/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=twtr
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_JziUiufJOSQEA440N

43 B
355 B

403ms
117ms

Image
image/gif

104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_JziUiufJOSQEA440N

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-response-time: 103
date: Mon, 20 Jun 2022 11:38:36 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 2ed392bf86a9ff2087784ec088ac0c25818fc11c925477beb9915480daad170a
content-length: 43

Redirect headers

Location: https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_JziUiufJOSQEA440N
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

204

sync
ups.analytics.yahoo.com/ups/58288/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=yah
https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_JziUiufJOSQEA440N&_origin=1
https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_JziUiufJOSQEA440N&_origin=1&verify=true

0
121 B

15ms
15ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_JziUiufJOSQEA440N&_origin=1&verify=true

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.46 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:36 GMT
server: ATS/9.1.0.46
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_JziUiufJOSQEA440N&_origin=1&verify=true
date: Mon, 20 Jun 2022 11:38:36 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=opx
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_JziUiufJOSQEA440N

43 B
275 B

71ms
41ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_JziUiufJOSQEA440N
Requested by: Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 11:38:36 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_JziUiufJOSQEA440N
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=rbcn
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_JziUiufJOSQEA440N

0
239 B

274ms
12ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_JziUiufJOSQEA440N
Requested by: Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Content-Type: image/gif

Redirect headers

Location: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_JziUiufJOSQEA440N
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

cb
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=goo
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfSnppVWl1ZkpPU1FFQTQ0ME4
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfSnppVWl1ZkpPU1FFQTQ0ME4&google_tc=
https://pixel-geo.prfct.co/cb?partnerId=goo

43 B
365 B

40ms
39ms

Image
image/gif

52.211.210.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/cb?partnerId=goo
Requested by: Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Protocol: HTTP/1.1
Server: 52.211.210.83 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-210-83.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 20 Jun 2022 11:38:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel-geo.prfct.co/cb?partnerId=goo
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 240
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
pixel-geo.prfct.co/seg/ 43 B
365 B 252ms
116ms Image
image/gif 52.211.210.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/seg/?add=27052482&source=js_tag&a_id=167159
Requested by: Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.210.83 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-210-83.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

200
OK

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?t=2&add=27052482
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D27052482

43 B
1 KB

78ms
77ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D27052482

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

HTTP/1.1

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Jun 2022 11:38:36 GMT
X-Proxy-Origin: 217.64.151.3; 217.64.151.3; 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: bbe80289-0817-48cc-a87c-1113976d1475
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-CH: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Bitness
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Date: Mon, 20 Jun 2022 11:38:36 GMT
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.3; 217.64.151.3; 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 01070dbd-57fa-4f95-b587-4152af27e4f7
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
Location: https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D27052482
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Accept-CH: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Bitness
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 stats.json Show response
injection.amibreached.com/ Frame F4A6 124 B
997 B 227ms
174ms Fetch
application/json 2606:4700:20::ac43:4768
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://injection.amibreached.com/stats.json

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbdb1d21246d1c1a65aca8b41818f593b2d4704a459983866c0d331151b91887

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:36 GMT
via: 1.1 57a9fd6199fd862b4428c6c309905a74.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 24540
x-cache: Hit from cloudfront
access-control-allow-methods: GET
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: br
vary: Accept-Encoding
last-modified: Mon, 23 May 2022 20:31:52 GMT
server: cloudflare
etag: W/"b660d52d56d1db01c2e37397c007a1e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ixSXQNe%2FiHfiKqwo%2FXxib4B8veRllB60jLbLnbdE58tF9gP3rkPdTKBcwy5UmGHrab5pCzNxZgYMN294sPBr4XMKfBwWIIBZJJpwKq7fsLpWKFIYHC7sgWC9jv4aXDuBvGj0IwIo5IewoQOUhhZEG%2BMOBDxtwHw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-amz-server-side-encryption, x-amz-request-id, x-amz-id-2, x-origin
x-amz-cf-pop: MXP64-C3
cf-ray: 71e4381b09725a07-MXP
x-amz-cf-id: apsrCTtxs1iMA8Ks5wt72iTAYnvtUIZvWUWpAKkAKIMw23Kw5XBl6g==

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 3FCC 7 KB
1 KB 24ms
24ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&k=6LejtCsUAAAAACVGXaLz6W52O7rQkHl_obMS1ptT

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a768264281af2b712d8dd83de283b737376f3ca699ce03c4a5210da018970371

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wmtP2wfa9rD2t9REJr3PgQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1111
content-security-policy: script-src 'report-sample' 'nonce-wmtP2wfa9rD2t9REJr3PgQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 11:38:36 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/ Frame 3FCC 51 KB
24 KB 11ms
10ms Stylesheet
text/css 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&k=6LejtCsUAAAAACVGXaLz6W52O7rQkHl_obMS1ptT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:23:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 04:02:51 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 11:23:49 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/ Frame 3FCC 366 KB
145 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&k=6LejtCsUAAAAACVGXaLz6W52O7rQkHl_obMS1ptT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1146849b14934539a02490c2934b135178838306e98e2a490a8aac3206f8036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:28:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148046
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 04:02:51 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 11:28:45 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame 3FCC 39 KB
23 KB 49ms
49ms XHR
application/json 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LejtCsUAAAAACVGXaLz6W52O7rQkHl_obMS1ptT

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3c3cdd9bfb28a3a2f435ea44af789fa516268d41cc49b7fe8228c132015769a6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/bframe?hl=de&v=4rwLQsl5N_ccppoTAwwwMrEN&k=6LejtCsUAAAAACVGXaLz6W52O7rQkHl_obMS1ptT
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Mon, 20 Jun 2022 11:38:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23965
x-xss-protection: 1; mode=block
expires: Mon, 20 Jun 2022 11:38:36 GMT

GET
H2 200 inject.8d8a39d8fa64efbb0671.bundle.js Show response
injection.amibreached.com/ Frame F4A6 130 KB
44 KB 134ms
133ms Script
application/javascript 2606:4700:20::ac43:4768
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9af44543fbf7b09c3d68e46dcb21d2cb9ec5f18bbd537cea92360a85c5db793e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:36 GMT
via: 1.1 f00a1e16a1b69b5fdf01447dd1592790.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP63-P1
x-cache: Hit from cloudfront
content-encoding: br
vary: Accept-Encoding
last-modified: Mon, 23 May 2022 20:31:51 GMT
server: cloudflare
etag: W/"046f84a87526210ff005ab33291675c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2u%2FdcvyGLNwwrexRot%2Bmz72rS6cX1ITdxuYl0Z9nHs8KYm1AxYzIau%2FnWWL3KbU9sU2Sj7tcF%2BXk8uyM40krwF6XGvDfy%2FtrrToNZBMA2JVHa3QuY%2BkqkW50L8NfgWEZFEcd9GWE%2F7dz6Fpcre1LbnSblhHrpcI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 71e4381c2c6383b8-MXP
x-amz-cf-id: zrMf_8dclF2scSoB5lyZ9IruO_e4PpUZplyApRe5ZWYVVSJzn1o1tQ==

GET
H2 200 main.8d8a39d8fa64efbb0671.css
injection.amibreached.com/css/ Frame F4A6 703 B
721 B 140ms
139ms Stylesheet
text/css 2606:4700:20::ac43:4768
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://injection.amibreached.com/css/main.8d8a39d8fa64efbb0671.css

Requested by

Host: blog.cyble.com
URL: https://blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7d0240fd43289ab1411c5fa1277574ee436d3a3bbb82d34c4d82f32d04517b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:36 GMT
via: 1.1 f6f860dfc55b1909ca7a53c7e5987f4a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP64-C3
x-cache: Hit from cloudfront
content-encoding: br
vary: Accept-Encoding
last-modified: Mon, 23 May 2022 20:31:51 GMT
server: cloudflare
etag: W/"ff4f518052149a21c5b6397b3f717f6a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PPMFJY5uheacd54KrAR3dk4yDAwlQGHXIHeTlhvPZo9QDeNjY6%2Bpxtb68OfppGPp%2ByOFvArzfnr7%2BZtU%2BprrqsXpLkP0i%2FFyVbN9Iyriz1h%2BtZd%2Bn6kL80nloAxF8lc2x4VF3rxxbXbwKA87iQedpQ1nVbdzW%2Fw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 71e4381c2c6683b8-MXP
x-amz-cf-id: b4tPoblfpUPQVuIFUjub8mjcliNnwz-4Pb3GWL0qSpH4vf4EL-cRcQ==

GET
H3 200 getChatbot Show response
koi-3qnocuxufa.marketingautomation.services/ 242 B
217 B 118ms
118ms Script
application/javascript 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://koi-3qnocuxufa.marketingautomation.services/getChatbot?rf=&hn=blog.cyble.com&lg=en-US&sr=1600x1200&cd=24&vr=2.4.0&se=1655725115697&ac=KOI-4JTSOSSFQA&ts=1655725117&pt=0&pl=0&loc=https%3A%2F%2Fblog.cyble.com%2F2021%2F02%2F15%2Fngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks%2F&tk=202206%7C62b05c3b85c3aa13a57ded68

Requested by

Host: koi-3qnocuxufa.marketingautomation.services
URL: https://koi-3qnocuxufa.marketingautomation.services/client/ss.js?ver=2.4.0

Protocol

Security

QUIC, , AES_128_GCM

Server

130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

179.21.211.130.bc.googleusercontent.com

Software

openresty /

Resource Hash

4ef62e6a9ec1b271a483b3b818f8a17b91c9fbed51048b7ecd13a9fefd838561

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:37 GMT
content-encoding: gzip
x-clacks-overhead: GNU Terry Pratchett
server: openresty
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
pod-hostname: app-pubapi-7f5f5b9588-dgcw7
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 272.8d8a39d8fa64efbb0671.css
injection.amibreached.com/css/ Frame F4A6 348 KB
53 KB 156ms
155ms Stylesheet
text/css 2606:4700:20::ac43:4768
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://injection.amibreached.com/css/272.8d8a39d8fa64efbb0671.css

Requested by

Host: injection.amibreached.com
URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c77d2ba289d0e2827ad7f79b00972a63c7f4426d89b8ce6b5da90a368760cfe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:37 GMT
via: 1.1 ec2e016357b2a4b61d6fc1a2e7c0826a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP63-P1
x-cache: Hit from cloudfront
content-encoding: br
vary: Accept-Encoding
last-modified: Mon, 23 May 2022 20:31:51 GMT
server: cloudflare
etag: W/"a858af055119af47585aeffbfd69ceac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xeFm%2BWOlLgYqoDHQ2zdxd04fPwxO%2FeE%2FgjjUO10%2Fcke2UwKbMOj1tbFDs9IM1CUNtIRRQP%2BYrv3m7NmYVmmk6FwL%2FQmu3WzdZ%2BuVBWHLkiXNWA1DihTA6ZqEM64yOXZO2Ve0jpDQIgL1BxQWqx00Q6xOseyWmrc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 71e4381d2f2583b8-MXP
x-amz-cf-id: qO3RBY9x5QBruqDlVjWc1-PZadmfWbYC8ouX26EIwYdC_KNRQRppJw==

GET
H2 200 272.8d8a39d8fa64efbb0671.chunk.js Show response
injection.amibreached.com/chunks/ Frame F4A6 381 KB
100 KB 189ms
188ms Script
application/javascript 2606:4700:20::ac43:4768
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://injection.amibreached.com/chunks/272.8d8a39d8fa64efbb0671.chunk.js

Requested by

Host: injection.amibreached.com
URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29d409fee0f34ebc05fa36076c101b77e28dccbcfdbfbf4cf248371820ca9ddb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:37 GMT
via: 1.1 5427b6f9e99013a38c36e041a855ef66.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP64-C3
x-cache: Hit from cloudfront
content-encoding: br
vary: Accept-Encoding
last-modified: Mon, 23 May 2022 20:31:50 GMT
server: cloudflare
etag: W/"a161e1a55882deeacea4aadc5ab6a660"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mpl5%2FvmthuARhmoCW47l9UoSqs5BP6h1PT2BixXbG9t0IA%2BlBm0KLUcrQXOQThTz%2BnCuR7X%2FfRIJm3jyMA8sFOiR1ZNVDWpqKxQoIg1op2xKWi%2F4%2BFdQnqNophPy1zbgQMXDr5MibmanR9mdFejTB3y0hlK6EqU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 71e4381d2f2b83b8-MXP
x-amz-cf-id: PFZqwFFxnKnDKX1AYHOR99Aq4qSu00XiGOOfup6yZDr4kbbDGsvDjg==

GET
H2 200 349.8d8a39d8fa64efbb0671.css
injection.amibreached.com/css/ Frame F4A6 3 KB
1 KB 98ms
97ms Stylesheet
text/css 2606:4700:20::ac43:4768
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://injection.amibreached.com/css/349.8d8a39d8fa64efbb0671.css

Requested by

Host: injection.amibreached.com
URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d904f71a4d973dac278821490969eb0a63dd97635584930bbbbec0a3e608d75

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:37 GMT
via: 1.1 f1cf0dd6472fa007238228b98c5a369e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP63-P1
x-cache: Hit from cloudfront
content-encoding: br
vary: Accept-Encoding
last-modified: Mon, 23 May 2022 20:31:51 GMT
server: cloudflare
etag: W/"d5e9ad0edf5f90c0d209a111611b1fba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fe17umC96H4BIlrzZbm5o4s%2FRAoCbZJU5pQy98jdJUFgoh0u2kmY0cIQLtwNYD2aY9l0zy3Dth0SwQlud%2BDFfy34C5e7jab0euk6a5LprCRnUwG2CEmIRSzfaKd41WFuCSnukL0f83jUFUzzWOXGvuboxbQH14M%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 71e4381d2f2e83b8-MXP
x-amz-cf-id: r2xMZSqfqE_YcDe1_jLwL3poGb6Q4vU8Sn-EgC41onAMd_jg6Qieuw==

GET
H2 200 349.8d8a39d8fa64efbb0671.chunk.js Show response
injection.amibreached.com/chunks/ Frame F4A6 16 KB
5 KB 112ms
111ms Script
application/javascript 2606:4700:20::ac43:4768
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://injection.amibreached.com/chunks/349.8d8a39d8fa64efbb0671.chunk.js

Requested by

Host: injection.amibreached.com
URL: https://injection.amibreached.com/inject.8d8a39d8fa64efbb0671.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2c197367cb631f88fca96c13ec0c06d0a99bc5398d0349716bc06ce7a91e8ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:37 GMT
via: 1.1 40534f1ddc687ba417d73ff7d23cf938.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP63-P1
x-cache: Hit from cloudfront
content-encoding: br
vary: Accept-Encoding
last-modified: Mon, 23 May 2022 20:31:51 GMT
server: cloudflare
etag: W/"0e05edf25a54d46e1a8ef01ec442978b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LIsXBzbQ2hrZVb9nKzjWgwc2bcLNPsjC38Ma5CxnC1HxuLz42M9r23x8m8inFeAPjcw0xKUBKTSgpcAFL5cXeKpW70HV8HrcfnuoyloUJ5pKCRzn%2F8GxKWw5yVfBLDfNr7mDwGceBBroMXuTitYeI1NW5TQGB20%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 71e4381d2f3283b8-MXP
x-amz-cf-id: hsUGzJg1IhbnPO2GSvhKdR0n2WoQZvCyR2xoMsygMudMfd7D_QoSvw==

GET
H3 200 publicChatbot Show response
koi-3qnocuxufa.marketingautomation.services/ Frame E2BF 2 KB
828 B 139ms
138ms Document
text/html 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://koi-3qnocuxufa.marketingautomation.services/publicChatbot?&requestedLanguage=en_US

Requested by

Host: koi-3qnocuxufa.marketingautomation.services
URL: https://koi-3qnocuxufa.marketingautomation.services/client/ss.js?ver=2.4.0

Protocol

Security

QUIC, , AES_128_GCM

Server

130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

179.21.211.130.bc.googleusercontent.com

Software

openresty /

Resource Hash

a9af4b89578b8ee4c0c40beb448f53d724067d2b03bb2fab2239411fa6c5de0e

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.cyble.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 20 Jun 2022 11:38:37 GMT
pod-hostname: app-59df9dc567-xt7xf
server: openresty
vary: Accept-Encoding
via: 1.1 google
x-clacks-overhead: GNU Terry Pratchett
x-xss-protection: 1; mode=block

GET
H2 200 primeicons.ttf
injection.amibreached.com/assets/fonts/ Frame F4A6 56 KB
57 KB 121ms
121ms Font
binary/octet-stream 2606:4700:20::ac43:4768
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://injection.amibreached.com/assets/fonts/primeicons.ttf

Requested by

Host: injection.amibreached.com
URL: https://injection.amibreached.com/css/272.8d8a39d8fa64efbb0671.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4768 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1e93246e1f3ea9a11fa1a6d7c14e48a1da911f92043e2e6ef59da5ffd38f070

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://injection.amibreached.com/css/272.8d8a39d8fa64efbb0671.css
Origin: https://blog.cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:37 GMT
via: 1.1 d2efc2528c9d37ec19b94a3d8dc21422.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MXP63-P1
x-cache: Miss from cloudfront
access-control-allow-methods: GET
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
content-length: 57384
last-modified: Mon, 23 May 2022 20:31:50 GMT
server: cloudflare
etag: "121254f73060bcbb53ca13258dbd134f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=axAZ29bB%2FoGHRdUpIkpu3dxETgjKc8lstzgwL2j0cAALm%2F2fwsJ54uBL7W7oXVguwnEKBszmLV3V6PawKnyjPN%2BcOhiDfbxxkfpJr7%2FpWgauf56GSWTcV%2F1jbo1vufcUWDzYPLIiYPLU04Ovc0ihetV%2BMS0O424%3D"}],"group":"cf-nel","max_age":604800}
content-type: binary/octet-stream
access-control-allow-origin: https://blog.cyble.com
access-control-expose-headers: x-amz-server-side-encryption, x-amz-request-id, x-amz-id-2, x-origin
cache-control: max-age=14400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 71e4381e9aa95a07-MXP
x-amz-cf-id: fVTY7ABOPTQ1nANaElcmK9ODAjem6izJxDtrh7S9rfODXMpoqbbz0w==

GET
H3 200 polyfill.min.js Show response
koi-3qnocuxufa.marketingautomation.services/includes/js/dist/ Frame E2BF 202 KB
58 KB 118ms
118ms Script
application/javascript 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://koi-3qnocuxufa.marketingautomation.services/includes/js/dist/polyfill.min.js?ver=da2882b40a-1
Requested by: Host: koi-3qnocuxufa.marketingautomation.services
URL: https://koi-3qnocuxufa.marketingautomation.services/publicChatbot?&requestedLanguage=en_US
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: openresty /
Resource Hash: b9a6fca766ed9a201b3658950e9692b259d61f22b13e27b76cbc58d8fb5a4d86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koi-3qnocuxufa.marketingautomation.services/publicChatbot?&requestedLanguage=en_US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:38:37 GMT
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 13:29:28 GMT
server: openresty
etag: W/"62ab3038-32984"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 google
cache-control: max-age=2592000, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 20 Jul 2022 11:38:37 GMT

GET
H2 200 de.js Show response
storage.googleapis.com/frontend-prod/i18next/master/ Frame E2BF 730 KB
162 KB 117ms
72ms Script
application/javascript 2a00:1450:4001:80f::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/frontend-prod/i18next/master/de.js
Requested by: Host: koi-3qnocuxufa.marketingautomation.services
URL: https://koi-3qnocuxufa.marketingautomation.services/publicChatbot?&requestedLanguage=en_US
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 5428a8eb65f4b8d27cca286e36c3f59c9aa62cc63ed52b478a506e16c6201c52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koi-3qnocuxufa.marketingautomation.services/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:15:33 GMT
content-encoding: gzip
age: 1384
x-guploader-uploadid: ADPycdsis7IFLo4PpFNHduyy8xQEnvc7n5MG8pCG_cAV0YLaeqG3X1vF5nxZjSBg2tkNhGA-L7IjRPlCOaPavCyciyPNyg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 165361
last-modified: Wed, 08 Jun 2022 14:58:04 GMT
server: UploadServer
etag: "481b97aec65906fab190038aea0fb2e3"
x-goog-hash: crc32c=YoLp0w==, md5=SBuXrsZZBvqxkAOK6g+y4w==
x-goog-generation: 1654700283972978
cache-control: no-transform
x-goog-stored-content-length: 165361
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 20 Jun 2023 11:15:33 GMT

GET
H2 200 antd.css
storage.googleapis.com/frontend-prod/fireant/7f67539c/style/ Frame E2BF 439 KB
440 KB 78ms
32ms Stylesheet
text/css 2a00:1450:4001:80f::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/frontend-prod/fireant/7f67539c/style/antd.css
Requested by: Host: koi-3qnocuxufa.marketingautomation.services
URL: https://koi-3qnocuxufa.marketingautomation.services/publicChatbot?&requestedLanguage=en_US
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 934ecb719a9eb78212ebfa8985f42d4242769b9b650622a1d6e16184378d8eb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koi-3qnocuxufa.marketingautomation.services/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:05:45 GMT
x-goog-meta-goog-reserved-file-mtime: 1640118138
age: 1972
x-guploader-uploadid: ADPycdtk4nGP8mSv4JooH7DxoQdiAY7HNZ2_Q9VPRk86oJZ3m1TQC5HGy5HIB0_6HRzAwffOkoh6XZDffDVphk4NGFxDdA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 449797
last-modified: Tue, 21 Dec 2021 20:50:54 GMT
server: UploadServer
etag: "79f1517ddc36a516ffbac1d4c1d47233"
x-goog-hash: crc32c=Joc7bg==, md5=efFRfdw2pRb/usHUwdRyMw==
x-goog-generation: 1640119854776231
cache-control: public, max-age=3600
x-goog-stored-content-length: 449797
accept-ranges: bytes
content-type: text/css
expires: Mon, 20 Jun 2022 12:05:45 GMT

GET
H2 200 en_US.main.css
storage.googleapis.com/frontend-prod/common/7e16c022/ Frame E2BF 122 KB
64 KB 62ms
17ms Stylesheet
text/css 2a00:1450:4001:80f::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/frontend-prod/common/7e16c022/en_US.main.css
Requested by: Host: koi-3qnocuxufa.marketingautomation.services
URL: https://koi-3qnocuxufa.marketingautomation.services/publicChatbot?&requestedLanguage=en_US
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2abc10b98bfce0b592d37587d5e8eb1d3c76c6b5e6d549171b1670fa6dab832f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koi-3qnocuxufa.marketingautomation.services/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:25:47 GMT
content-encoding: gzip
age: 770
x-guploader-uploadid: ADPycdtDEe_nk3QmDPAgp4XOl600jIpYGnXlAK1pUwBvqBAJclqdG9C2gg2UbaC517jTgtZZMtqKev_UOASL9OQvx54W5g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64483
last-modified: Tue, 21 Dec 2021 15:53:55 GMT
server: UploadServer
etag: "85e642aba7acca59008f68a454d27b57"
x-goog-hash: crc32c=Z647nA==, md5=heZCq6esylkAj2ikVNJ7Vw==
x-goog-generation: 1640102035706343
cache-control: public, max-age=31536000,no-transform
x-goog-stored-content-length: 64483
accept-ranges: bytes
content-type: text/css
expires: Tue, 20 Jun 2023 11:25:47 GMT

GET
H2 200 en_US.main.js Show response
storage.googleapis.com/frontend-prod/chatbot-client/9d566c7/ Frame E2BF 2 MB
624 KB 120ms
75ms Script
application/javascript 2a00:1450:4001:80f::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/frontend-prod/chatbot-client/9d566c7/en_US.main.js
Requested by: Host: koi-3qnocuxufa.marketingautomation.services
URL: https://koi-3qnocuxufa.marketingautomation.services/publicChatbot?&requestedLanguage=en_US
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 84f15f2111e0591c4ac5ae83c499dbe0800d3a4d5c75aa8a2718acdede8363c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://koi-3qnocuxufa.marketingautomation.services/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:38:38 GMT
content-encoding: gzip
age: 3599
x-guploader-uploadid: ADPycduMl_RdYFi-vDDXhQ8TgkHx9Avs8GfYSwgaSI9zkITtdQ2Gvw9vs0SFpZ-yqeZa5cci92NO22ZlouDg1XnuXTmOnQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 638186
last-modified: Thu, 16 Jun 2022 16:13:32 GMT
server: UploadServer
etag: "e48d4432dfd7ede7404ea08e8a29152f"
x-goog-hash: crc32c=qwEEUA==, md5=5I1EMt/X7edATqCOiikVLw==
x-goog-generation: 1655396012753675
cache-control: no-transform
x-goog-stored-content-length: 638186
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 20 Jun 2023 10:38:38 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame E2BF 3 KB
452 B 58ms
21ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,700,400italic

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/frontend-prod/common/7e16c022/en_US.main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4b3d5b1db4356aae7e5116c691fb90da522c78ef8bff00e410e4cff222467250

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://storage.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 20 Jun 2022 11:23:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 20 Jun 2022 11:38:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Jun 2022 11:38:37 GMT

POST
H3 200 graphql-public Show response
koi-3qnocuxufa.marketingautomation.services/ Frame E2BF 27 KB
28 KB 156ms
154ms Fetch
application/json 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://koi-3qnocuxufa.marketingautomation.services/graphql-public
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/frontend-prod/chatbot-client/9d566c7/en_US.main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 8de00f0bd874809cfda111e38430185c05e85bce3f6b3ad192887d01be4e03b7

Request headers

accept: */*
Referer: https://koi-3qnocuxufa.marketingautomation.services/publicChatbot?&requestedLanguage=en_US
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
content-type: application/json

Response headers

date: Mon, 20 Jun 2022 11:38:38 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: https://koi-3qnocuxufa.marketingautomation.services
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28127
x-kube-pod: api-f675f7b79-8wqzk

POST
H3 200 graphql-public Show response
koi-3qnocuxufa.marketingautomation.services/ Frame E2BF 30 B
45 B 129ms
129ms Fetch
application/json 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://koi-3qnocuxufa.marketingautomation.services/graphql-public
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/frontend-prod/chatbot-client/9d566c7/en_US.main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 12bbcbfac99d1e2f8e6bec9b217e77bb2b783f9668baab027923f3924403f303

Request headers

accept: */*
Referer: https://koi-3qnocuxufa.marketingautomation.services/publicChatbot?&requestedLanguage=en_US
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
content-type: application/json

Response headers

date: Mon, 20 Jun 2022 11:38:38 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: https://koi-3qnocuxufa.marketingautomation.services
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30
x-kube-pod: api-f675f7b79-8wqzk

POST
H3 200 graphql-public Show response
koi-3qnocuxufa.marketingautomation.services/ Frame E2BF 27 KB
28 KB 147ms
147ms Fetch
application/json 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://koi-3qnocuxufa.marketingautomation.services/graphql-public
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/frontend-prod/chatbot-client/9d566c7/en_US.main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 8de00f0bd874809cfda111e38430185c05e85bce3f6b3ad192887d01be4e03b7

Request headers

accept: */*
Referer: https://koi-3qnocuxufa.marketingautomation.services/publicChatbot?&requestedLanguage=en_US
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
content-type: application/json

Response headers

date: Mon, 20 Jun 2022 11:38:38 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: https://koi-3qnocuxufa.marketingautomation.services
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28127
x-kube-pod: api-f675f7b79-kg6dv

POST
H3 200 graphql-public Show response
koi-3qnocuxufa.marketingautomation.services/ Frame E2BF 30 B
46 B 133ms
133ms Fetch
application/json 130.211.21.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://koi-3qnocuxufa.marketingautomation.services/graphql-public
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/frontend-prod/chatbot-client/9d566c7/en_US.main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 130.211.21.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.21.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 12bbcbfac99d1e2f8e6bec9b217e77bb2b783f9668baab027923f3924403f303

Request headers

accept: */*
Referer: https://koi-3qnocuxufa.marketingautomation.services/publicChatbot?&requestedLanguage=en_US
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
content-type: application/json

Response headers

date: Mon, 20 Jun 2022 11:38:38 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: https://koi-3qnocuxufa.marketingautomation.services
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30
x-kube-pod: api-f675f7b79-ct8b7

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ Frame E2BF 23 KB
23 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,400italic

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://koi-3qnocuxufa.marketingautomation.services
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 17:07:14 GMT
x-content-type-options: nosniff
age: 498684
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 17:07:14 GMT

GET
DATA 200
OK truncated
/ Frame E2BF 92 KB
92 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0e8d88f037e62776e9355c3264513f9dd9136a0c05a60a6f8b10df944166882

Request headers

Referer
Origin: https://koi-3qnocuxufa.marketingautomation.services
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type: font/woff

GET
H2 204 boom.gif
pixel.wp.com/ 0
37 B 18ms
17ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.144&largest_contentful_paint=2104&batcache_hit=0&provider=wordpress.com&service=atomic&effective_connection_type=4g&host_name=blog.cyble.com&url_path=%2F2021%2F02%2F15%2Fngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks%2F&nt_fetchStart=0&nt_domainLookupStart=1&nt_domainLookupEnd=16&nt_connectStart=16&nt_connectEnd=32&nt_secureConnectionStart=21&nt_requestStart=32&nt_responseStart=1252&nt_responseEnd=1303&nt_domLoading=1254&nt_domInteractive=1830&nt_domContentLoadedEventStart=1831&nt_domContentLoadedEventEnd=1839&nt_domComplete=3187&nt_loadEventStart=3187&nt_loadEventEnd=3189&nt_redirectCount=0&nt_api_level=2&start_render=1656&first_contentful_paint=1668&resource_size=1896213&resource_transferred=399990&js_size=490096&js_transferred=149706&resource_cache_percent=0&js_cache_percent=0&last_resource_end=3485
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.cyble.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 20 Jun 2022 11:38:39 GMT
cache-control: no-cache
server: nginx

Verdicts & Comments Add Verdict or Comment

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 08:14:37	Name: _GRECAPTCHA Value: 09ADepaW1rqJF_VsV53KxFEKSMkA9Gv_a--EHBHqza3NJJoQZo0fZielDL38FQ3df7B4CZKtf2aw7hCBXGYy42NLI
blog.cyble.com/	1970-01-20 13:21:20	Name: _wsm_id_1_abdf Value: 7c7b191719ea3f8e.1655725116.1.1655725116.1655725116
blog.cyble.com/	1970-01-20 03:55:26	Name: _wsm_ses_1_abdf Value: *
blog.cyble.com/	1970-01-20 03:56:51	Name: __ss Value: 1655725115697
blog.cyble.com/	1970-01-20 03:55:28	Name: __ss_referrer Value: https%3A//blog.cyble.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/
.cyble.com/	1970-01-20 03:56:51	Name: _gid Value: GA1.2.868412643.1655725116
.cyble.com/	1970-01-20 03:55:25	Name: _gat_gtag_UA_201575643_1 Value: 1
.cyble.com/	1970-01-20 21:26:37	Name: _ga_4FJGSRPM4S Value: GS1.1.1655725115.1.0.1655725115.0
.cyble.com/	1970-01-20 21:26:37	Name: _ga Value: GA1.1.2140075417.1655725116
.marketingautomation.services/	1970-01-23 19:31:25	Name: koitk Value: 202206%7C62b05c3b85c3aa13a57ded68
blog.cyble.com/	1970-01-29 06:55:25	Name: __ss_tk Value: 202206%7C62b05c3b85c3aa13a57ded68
.prfct.co/	1970-01-20 21:26:37	Name: pa_uid Value: pa_JziUiufJOSQEA440N
.prfct.co/	1970-01-20 21:26:37	Name: pa_twitter_ts Value: 1655725116424
.adnxs.com/	1970-01-20 06:05:01	Name: uuid2 Value: 2268720871893001426
.prfct.co/	1970-01-20 21:26:37	Name: pa_yahoo_ts Value: 1655725116494
.prfct.co/	1970-01-20 21:26:37	Name: pa_openx_ts Value: 1655725116500
.prfct.co/	1970-01-20 21:26:37	Name: pa_rubicon_ts Value: 1655725116560
.prfct.co/	1970-01-20 21:26:37	Name: pa_google_ts Value: 1655725116563
.yahoo.com/	1970-01-20 12:41:22	Name: A3 Value: d=AQABBDxcsGICEPjh4GdUnIfoAT4IRmUfGeAFEgEBAQGtsWK6YgAAAAAA_eMAAA&S=AQAAArHD82ZBORT5gb97xyPysSg
.adnxs.com/	1970-01-20 06:05:01	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2In49ithp!@wnf-Te9(>wL5L!!'c=$pDwv
.analytics.yahoo.com/	1970-01-20 12:41:01	Name: IDSYNC Value: 18z4~25kb
.doubleclick.net/	1970-01-20 13:17:01	Name: IDE Value: AHWqTUmxa6q1fSjzfhKEmoGeyKTZ47zw3m4Jf5SL7Bun3_xbJDhkLvknqdbU-rzZluQ
.twitter.com/	1970-01-20 21:26:37	Name: personalization_id Value: "v1_Xzzl4Ch4lsoEL7tw2sb++Q=="

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
app-3qnocuxufa.marketingautomation.services
blog.cyble.com
cm.g.doubleclick.net
fonts.googleapis.com
fonts.gstatic.com
i0.wp.com
injection.amibreached.com
koi-3qnocuxufa.marketingautomation.services
pixel-geo.prfct.co
pixel.rubiconproject.com
pixel.wp.com
platform.twitter.com
region1.google-analytics.com
s0.wp.com
secure.adnxs.com
stats.g.doubleclick.net
stats.wp.com
storage.googleapis.com
syndication.twitter.com
tag.perfectaudience.com
ups.analytics.yahoo.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
104.244.42.195
104.244.42.200
130.211.21.179
151.101.2.217
172.217.16.130
18.156.0.31
185.33.221.53
192.0.76.3
192.0.77.2
192.0.77.32
192.0.78.183
2001:4860:4802:32::36
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::ac43:4768
2a00:1450:4001:801::200e
2a00:1450:4001:80b::2003
2a00:1450:4001:80f::2010
2a00:1450:4001:812::2008
2a00:1450:4001:828::200a
2a00:1450:4001:830::2003
2a00:1450:4001:830::2004
2a00:1450:400c:c1b::9a
35.244.159.8
52.211.210.83
69.173.144.138
04369624b742fa4d3f0cac4dc669f2622913f8ce8b59d052e8daad59925235c3
0a50cb3cb6d664943b4e08ff9ba8851ff31be01f824467ab7bdab9b45a423f0c
0ca81e784363b653695d694ec3276de2ad4d2fe79ab3d27da6b31d965001f16d
103631f0296614d362e698668390c9c69484dec4579a12380cd0d8a7f197fa70
1190115dd7e6fbd896f8b541ad48a2dea9c4214cd240ffe2726d8e90d8eb9467
12bbcbfac99d1e2f8e6bec9b217e77bb2b783f9668baab027923f3924403f303
14b63cf8d762d7118924d182b7f6bd9a45ca408b13dfeaca8da0735f26a70e85
1525cd3ea05d1c00e4b385e781749c3bac5c01570b5800198bec0a252bb6c715
186cb05caa2a06748336b3123d7ac53986a650cffcab18f34e5c0ee3c057f591
1a47e85dd8ec320d900f14082243d3af1051e6cb4e7fb8ba8807c6b903530e8a
1e6f4e1fb3197d60d5c7f8f7f738deeff94b513f07e0ad5ca7c4ea85479eb4a0
2537571109b8e5379ecc8b4c6e60449bf440b6f38e7bc5396e0189eb0512e691
27043b4e8ded47e9ad3d0259922cca6ce494b74b8bb5852eb08e4c8f5b0847ae
28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3
29d409fee0f34ebc05fa36076c101b77e28dccbcfdbfbf4cf248371820ca9ddb
2abc10b98bfce0b592d37587d5e8eb1d3c76c6b5e6d549171b1670fa6dab832f
2c42851f49a6eb6a0eb3fba8f344f473909f15998d33c94323e13c9cf90cb7ae
30c7d4f5a0e44341ba8c3838925ef3572a59de6f1d54272b44bdbd5574b47bd9
3218b4125f473cd8e081f2d6f892e7e7dca85df9d4486a1e0d783f1f66b2731a
36bc338d4454d68ba19d0b4ad84e5b9bd5cc04d8f1f97d0a6481a8044b76fa95
3c0b68ea789d4bc6705f42dd6c44eb38306b965df01f9409eb4a941370e3b158
3c3cdd9bfb28a3a2f435ea44af789fa516268d41cc49b7fe8228c132015769a6
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
46c174075b10b420c63a3164d75757687e9ef59cac59ba2acfa94cae1533ab6b
4979c129325e064cc7f3b5326ea93c927edf47aa801d07fb531050b1459870f0
49e0f7e4312a7fad805dbcc9a52f704614d7aa6fff8c0040fb7f8b8736ff49da
4a7ee62eb33f3bbb66c2151e5cac6bf4904e28302efc36128f3e3ccae6fde580
4b3d5b1db4356aae7e5116c691fb90da522c78ef8bff00e410e4cff222467250
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c22a3151b18f77d096ebf6bc1379f1730a83aa14994ba5f4aec4c61659f2f8a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ef62e6a9ec1b271a483b3b818f8a17b91c9fbed51048b7ecd13a9fefd838561
5428a8eb65f4b8d27cca286e36c3f59c9aa62cc63ed52b478a506e16c6201c52
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
61c2e7b94a4a7e2c8533283d146fe92e5d77951471631a8048a05109e8347ff0
621916fdae4617775c63ad15b1177ef48debefead33fc3aa14b645d543066bc5
64f244f917c97d234978b485533961c55c0e97a7a478fc51317d4e64e255d8ec
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
734086ea61c81ffdb848a85a28d3209c7d7c38467f3706ca7b66bf1f148b4aa0
7379f6d1c8b7eb53ba56a08e3e5f690f4a79ca5a9a940f0b74769cb04d464d98
77b37711fde49c1d172d6611d6406f105596e4b1d399cf64576adaca516fd23c
7883c3cfb3f71df2ec3c0574dd83d0b6849a12248b6b9142ea99752636310a47
7ee11e6757fa0709d424832d70aa161ddc5ecf2e943e259efc79a7197b7f69c8
81ca0d70f50ab00f0c1e0933c11bf7bb6aada2366994784564f4d324dfd7a60c
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8321348efb44c9dd41d6eab7b2f4aa703fb7a60ae7092a46c2daf86230ef57f0
84f15f2111e0591c4ac5ae83c499dbe0800d3a4d5c75aa8a2718acdede8363c9
86eb7835899c13e4d9af26149422ba288f61cbb5e9ca1e1190d1c6e8d9373f2c
8de00f0bd874809cfda111e38430185c05e85bce3f6b3ad192887d01be4e03b7
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
926f767fec2a5ed3a610735fde7861c24c9c15fa136d9a85d111c2b9ec4a0fa0
934ecb719a9eb78212ebfa8985f42d4242769b9b650622a1d6e16184378d8eb4
942ac7bd57aa9ab08150b9ea568958978907fc37696094274ac6851b99cb757a
9af44543fbf7b09c3d68e46dcb21d2cb9ec5f18bbd537cea92360a85c5db793e
9d904f71a4d973dac278821490969eb0a63dd97635584930bbbbec0a3e608d75
9e038ad8d6f4e0982fc74aa17e251982a487d9e7326ab37ae739d146236593b3
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a11fc3a5a17cfadaafc492fb2588b67efc080706c4c329065bd57025b5864f2c
a1756adc350c37ea26d71ee00ad027bbf35204bff9fb040ecfb5c1a64971cffc
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1d57439b7cbb156c806a42b54429bac881c3f9f34c717e5085862b0fa56c972
a2c197367cb631f88fca96c13ec0c06d0a99bc5398d0349716bc06ce7a91e8ce
a2cebfe3738dbd10570bcfea24eb240323f7f03312fce23f999ecbc9fb3cc6cb
a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0
a768264281af2b712d8dd83de283b737376f3ca699ce03c4a5210da018970371
a9af4b89578b8ee4c0c40beb448f53d724067d2b03bb2fab2239411fa6c5de0e
aa12248b53916120c88866586b72b0f8096514eaae98107cd87f796b568dd59b
ab68144a0276d0b93733262be94c5171aae189fc11b50c2fac1a37c7c56ef074
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b5c5ef71bd69f096d2e4a3101793df24319cb32b8e784aa5bd064bdb8bffd9df
b8eca3473b82db5c8b967ba66672e04db8ca490c25ffd8b4c0084d40340bade6
b9a6fca766ed9a201b3658950e9692b259d61f22b13e27b76cbc58d8fb5a4d86
bb3425fae4ff0eb48284ec0e207336d3066731e4ead39c2ba849fb04d32c1faf
bb619ed51448a1da3305a765bd0f03477bca62295de9603b7c4f707f86b48101
bbdb1d21246d1c1a65aca8b41818f593b2d4704a459983866c0d331151b91887
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
be3d6d34e57acb77b9cc356dbc40734bdaa35054ce974475d97e7b058a28b32f
c1e93246e1f3ea9a11fa1a6d7c14e48a1da911f92043e2e6ef59da5ffd38f070
c38bc4d28cb6dd5263a68b3efa74cd5b746f9083484871c54f4cd437c828b40e
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c77d2ba289d0e2827ad7f79b00972a63c7f4426d89b8ce6b5da90a368760cfe4
c7d0240fd43289ab1411c5fa1277574ee436d3a3bbb82d34c4d82f32d04517b8
ccc2bd16fa09fd02a0a51c4801453ae3b0baffe5b05ae4b18a9c9b00924239c0
ce02b7050556bd6ede875d8a1b9417a25b48399804667974470364ed7dbccb49
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d1146849b14934539a02490c2934b135178838306e98e2a490a8aac3206f8036
d2c30641eed11d27cc45ab60849aaef8d0cef92b8c75b09648ffb764bd6017c0
d823ab601ea73eabb843499a275d0e4cb498f43b028c63fc68d1d82860f03ac4
dccafac57a7fcedce0d95d35007b502104f45b82f43f052159c370258ef13a53
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0e8d88f037e62776e9355c3264513f9dd9136a0c05a60a6f8b10df944166882
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef722c2006b8496cc98db9bbfb5812d9ae7c54700a42917de4b9bf3ffbd2a246
f00d09a3fe4fe39964b804f3c07eea15672c2586a184e1efba084eef721fbad9
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f83df770a7c9763424b29bfe7462c8f8e807d18dc0b4570f4ada501240007fda
fa86c94c6881caec397b1a58f358561f9bd6ef1dba058efafe3fb8e9e8d5e326

blog.cyble.com Open in urlscan Pro 192.0.78.183 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

109 Requests

93 %HTTPS

44 %IPv6

17 Domains

27 Subdomains

25 IPs

5 Countries

3665 kBTransfer

10209 kBSize

23 Cookies

14 Outgoing links

Redirected requests

109 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

blog.cyble.com Open in urlscan Pro
192.0.78.183 Public Scan

Screenshot
Live screenshot

Full Image

109
Requests

93 %
HTTPS

44 %
IPv6

17
Domains

27
Subdomains

25
IPs

5
Countries

3665 kB
Transfer

10209 kB
Size

23
Cookies

109 HTTP transactions
2 data transactions