cyble.com Open in urlscan Pro
192.0.78.231 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Submission: On December 10 via api (December 10th 2024, 6:19:50 am UTC) from IN — Scanned from US

Summary HTTP 281 Redirects Links 74 Behaviour Indicators

Summary

This website contacted 73 IPs in 2 countries across 62 domains to perform 281 HTTP transactions. The main IP is 192.0.78.231, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is cyble.com.
TLS certificate: Issued by E6 on December 3rd 2024. Valid for: 3 months.

This is the only time cyble.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
84	192.0.78.231 192.0.78.231	2635 (AUTOMATTIC) (AUTOMATTIC)
12	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
10	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
7	172.253.63.97 172.253.63.97	15169 (GOOGLE) (GOOGLE)
11	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	104.21.86.248 104.21.86.248	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	104.17.247.203 104.17.247.203	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.218.218.161 23.218.218.161	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
4	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
2	104.16.186.41 104.16.186.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.139.209 104.16.139.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.142.119 104.18.142.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
6	104.17.111.223 104.17.111.223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.20.39.213 104.20.39.213	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	3.162.103.91 3.162.103.91	16509 (AMAZON-02) (AMAZON-02)
1	172.64.154.248 172.64.154.248	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.107.133.146 34.107.133.146	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	172.253.122.101 172.253.122.101	15169 (GOOGLE) (GOOGLE)
22	37.19.207.34 37.19.207.34	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
3	142.251.163.105 142.251.163.105	15169 (GOOGLE) (GOOGLE)
2	23.218.218.181 23.218.218.181	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	157.240.229.1 157.240.229.1	32934 (FACEBOOK) (FACEBOOK)
2	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
2	13.107.253.40 13.107.253.40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	104.18.30.176 104.18.30.176	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.0.72.2 192.0.72.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	3.167.99.33 3.167.99.33	16509 (AMAZON-02) (AMAZON-02)
1	104.17.175.201 104.17.175.201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.147.16 172.64.147.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.141.17 104.18.141.17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.77.142 104.16.77.142	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.128.172 104.17.128.172	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	104.16.117.116 104.16.117.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
12 17	50.16.70.197 50.16.70.197	14618 (AMAZON-AES) (AMAZON-AES)
3	104.18.2.9 104.18.2.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	31.13.66.35 31.13.66.35	32934 (FACEBOOK) (FACEBOOK)
3 9	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	142.251.16.157 142.251.16.157	15169 (GOOGLE) (GOOGLE)
2	142.251.16.156 142.251.16.156	15169 (GOOGLE) (GOOGLE)
1	44.223.154.245 44.223.154.245	14618 (AMAZON-AES) (AMAZON-AES)
1	35.211.202.130 35.211.202.130	15169 (GOOGLE) (GOOGLE)
2 3	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 3	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
2 2	142.251.163.155 142.251.163.155	15169 (GOOGLE) (GOOGLE)
1 2	104.18.27.193 104.18.27.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	35.244.154.8 35.244.154.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	107.178.254.65 107.178.254.65	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	69.173.146.5 69.173.146.5	26667 (RUBICONPR...) (RUBICONPROJECT)
2 4	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	70.42.32.159 70.42.32.159	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	207.65.37.184 207.65.37.184	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	141.226.124.48 141.226.124.48	200478 (TABOOLA-A...) (TABOOLA-AS Taboola.com ltd)
1 2	52.223.22.214 52.223.22.214	16509 (AMAZON-02) (AMAZON-02)
1 2	68.67.161.182 68.67.161.182	29990 (ASN-APPNEX) (ASN-APPNEX)
1	104.18.243.108 104.18.243.108	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.138.85.113 108.138.85.113	16509 (AMAZON-02) (AMAZON-02)
1	174.129.215.41 174.129.215.41	14618 (AMAZON-AES) (AMAZON-AES)
4	172.175.38.6 172.175.38.6	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
1	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.118.116 104.16.118.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	52.204.243.204 52.204.243.204	14618 (AMAZON-AES) (AMAZON-AES)
1	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
2	142.251.179.95 142.251.179.95	15169 (GOOGLE) (GOOGLE)
6	142.251.16.94 142.251.16.94	15169 (GOOGLE) (GOOGLE)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.39.246 104.18.39.246	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	20.110.205.119 20.110.205.119	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	13.107.21.237 13.107.21.237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.171.85.60 3.171.85.60	16509 (AMAZON-02) (AMAZON-02)
1	3.167.72.96 3.167.72.96	16509 (AMAZON-02) (AMAZON-02)
4 5	34.237.251.14 34.237.251.14	14618 (AMAZON-AES) (AMAZON-AES)
2 2	18.209.182.48 18.209.182.48	14618 (AMAZON-AES) (AMAZON-AES)
1	3.222.211.52 3.222.211.52	14618 (AMAZON-AES) (AMAZON-AES)
281	73

84 192.0.78.231 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.253.63.97 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.86.248 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.247.203 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.218.218.161 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-218-218-161.deploy.static.akamaitechnologies.com

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.186.41 (None, )

ASN13335 (CLOUDFLARENET, US)

www.g2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.139.209 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.142.119 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.111.223 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.20.39.213 (None, )

ASN13335 (CLOUDFLARENET, US)

assets.apollo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.162.103.91 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-103-91.iad61.r.cloudfront.net

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.154.248 (None, )

ASN13335 (CLOUDFLARENET, US)

nitroscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.107.133.146 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 146.133.107.34.bc.googleusercontent.com

aplo-evnt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.253.122.101 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f101.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 37.19.207.34 (Ashburn, United States)

ASN60068 (CDN77 Datacamp Limited, GB)
PTR: 37-19-207-34.bunnyinfra.net

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.163.105 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f105.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.218.218.181 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-218-218-181.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.229.1 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-iad3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.253.40 (Redmond, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.30.176 (None, )

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.72.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

videos.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.167.99.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-167-99-33.iad55.r.cloudfront.net

w.soundcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.175.201 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.147.16 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.141.17 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.77.142 (None, )

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.128.172 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.117.116 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 50.16.70.197 (Ashburn, United States) 12 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-70-197.compute-1.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.2.9 (None, )

ASN13335 (CLOUDFLARENET, US)

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.13.66.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-iad3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.16.157 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f157.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.16.156 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f156.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.223.154.245 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-223-154-245.compute-1.amazonaws.com

x.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.211.202.130 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 130.202.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.33.220.150 (Seattle, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.163.155 (Farmingdale, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: wv-in-f155.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.27.193 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.154.8 (Kansas City, United States) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.254.65 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.146.5 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.159 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 207.65.37.184 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.124.48 (Chicago, United States)

ASN200478 (TABOOLA-AS Taboola.com ltd, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.22.214 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.67.161.182 (Colonia, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.243.108 (None, )

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.85.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-85-113.iad12.r.cloudfront.net

tag.clearbitscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.129.215.41 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-174-129-215-41.compute-1.amazonaws.com

x.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.175.38.6 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

k.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.118.116 (None, )

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.204.243.204 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-243-204.compute-1.amazonaws.com

x.clearbitjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.179.95 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: pd-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.251.16.94 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.39.246 (None, )

ASN13335 (CLOUDFLARENET, US)

to.getnitropack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.110.205.119 (Boydton, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.21.237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.171.85.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-171-85-60.iad89.r.cloudfront.net

tags.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.167.72.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-167-72-96.iad61.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.237.251.14 (Ashburn, United States) 4 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-251-14.compute-1.amazonaws.com

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.209.182.48 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-209-182-48.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.222.211.52 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-222-211-52.compute-1.amazonaws.com

hemsync.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
84	cyble.com cyble.com	707 KB
36	wp.com c0.wp.com — Cisco Umbrella Rank: 10660 fonts-api.wp.com — Cisco Umbrella Rank: 19537 i0.wp.com — Cisco Umbrella Rank: 4317 s0.wp.com — Cisco Umbrella Rank: 9378 stats.wp.com — Cisco Umbrella Rank: 3804 fonts.wp.com — Cisco Umbrella Rank: 20227 pixel.wp.com — Cisco Umbrella Rank: 3757	1 MB
25	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 6331 api.omappapi.com — Cisco Umbrella Rank: 6333	128 KB
21	adroll.com 12 redirects s.adroll.com — Cisco Umbrella Rank: 3645 d.adroll.com — Cisco Umbrella Rank: 1673 x.adroll.com — Cisco Umbrella Rank: 3549	76 KB
10	linkedin.com 3 redirects platform.linkedin.com — Cisco Umbrella Rank: 3945 px.ads.linkedin.com — Cisco Umbrella Rank: 333 www.linkedin.com — Cisco Umbrella Rank: 676	166 KB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 625 k.clarity.ms — Cisco Umbrella Rank: 8151 c.clarity.ms — Cisco Umbrella Rank: 1269	31 KB
7	clickagy.com 4 redirects tags.clickagy.com — Cisco Umbrella Rank: 17878 aorta.clickagy.com — Cisco Umbrella Rank: 2633 hemsync.clickagy.com — Cisco Umbrella Rank: 15954	17 KB
7	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 3653 api.hubspot.com — Cisco Umbrella Rank: 5268 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3677 app.hubspot.com — Cisco Umbrella Rank: 5921 track.hubspot.com — Cisco Umbrella Rank: 2477 forms.hubspot.com — Cisco Umbrella Rank: 6196	30 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	21 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	748 KB
6	gstatic.com fonts.gstatic.com	92 KB
6	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 td.doubleclick.net — Cisco Umbrella Rank: 182 cm.g.doubleclick.net — Cisco Umbrella Rank: 284	6 KB
6	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 5669 onesignal.com — Cisco Umbrella Rank: 1761 img.onesignal.com — Cisco Umbrella Rank: 10383	93 KB
6	unpkg.com 4 redirects unpkg.com — Cisco Umbrella Rank: 740	53 KB
5	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1634 syndication.twitter.com — Cisco Umbrella Rank: 2069	30 KB
4	openx.net 2 redirects us-u.openx.net — Cisco Umbrella Rank: 525	597 B
4	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 377 js.adsrvr.org — Cisco Umbrella Rank: 1531 insight.adsrvr.org — Cisco Umbrella Rank: 960	8 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 5643	4 KB
3	rlcdn.com 3 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 476	852 B
3	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 470	1 KB
3	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 8407	2 KB
3	google.com www.google.com — Cisco Umbrella Rank: 3	128 B
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 262	1 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4514	3 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	2 KB
2	clearbitjs.com x.clearbitjs.com — Cisco Umbrella Rank: 17923	45 KB
2	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 281	2 KB
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 429	981 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 607	2 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	212 B
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 2010 alb.reddit.com — Cisco Umbrella Rank: 1418	761 B
2	wordpress.com videos.files.wordpress.com — Cisco Umbrella Rank: 103924	3 MB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1095	13 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	75 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	18 KB
2	aplo-evnt.com aplo-evnt.com — Cisco Umbrella Rank: 30175
2	apollo.io assets.apollo.io — Cisco Umbrella Rank: 29527	289 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2580	2 KB
2	g2.com www.g2.com — Cisco Umbrella Rank: 59326	23 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 205	773 B
1	getnitropack.com to.getnitropack.com — Cisco Umbrella Rank: 17116	119 B
1	clearbit.com app.clearbit.com — Cisco Umbrella Rank: 18946	1 KB
1	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 3819	959 B
1	w.org s.w.org — Cisco Umbrella Rank: 4753	679 B
1	clearbitscripts.com tag.clearbitscripts.com — Cisco Umbrella Rank: 14785	5 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3690	800 B
1	taboola.com sync.taboola.com — Cisco Umbrella Rank: 1304	366 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 886	583 B
1	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 897	360 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 419	1 KB
1	pippio.com 1 redirects pippio.com — Cisco Umbrella Rank: 805	635 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 393	183 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3341	3 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5194	27 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5955	92 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2343	26 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2358	25 KB
1	soundcloud.com w.soundcloud.com — Cisco Umbrella Rank: 27489
1	nitroscripts.com nitroscripts.com — Cisco Umbrella Rank: 16495	760 B
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6979	156 KB
1	unpkg.co 1 redirects unpkg.co — Cisco Umbrella Rank: 197273	802 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	28 KB
281	62

	Domain	Requested by
84	cyble.com	cyble.com c0.wp.com
22	a.omappapi.com	cyble.com a.omappapi.com
17	d.adroll.com	12 redirects s.adroll.com cyble.com
12	c0.wp.com	cyble.com
11	i0.wp.com	cyble.com
7	fonts.wp.com	fonts-api.wp.com
7	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
7	www.googletagmanager.com	cyble.com www.googletagmanager.com js.hsadspixel.net
6	fonts.gstatic.com	fonts.googleapis.com
6	px.ads.linkedin.com	2 redirects snap.licdn.com cyble.com
6	unpkg.com	4 redirects cyble.com
5	aorta.clickagy.com	4 redirects tags.clickagy.com
4	k.clarity.ms	www.clarity.ms
4	us-u.openx.net	2 redirects cyble.com
4	platform.twitter.com	cyble.com platform.twitter.com
3	js.zi-scripts.com	cyble.com js.zi-scripts.com
3	onesignal.com	cdn.onesignal.com
3	www.linkedin.com	1 redirects platform.linkedin.com
3	idsync.rlcdn.com	3 redirects
3	pixel.tapad.com	2 redirects cyble.com
3	api.omappapi.com	a.omappapi.com
3	tracking.g2crowd.com	cyble.com tracking.g2crowd.com
3	www.google.com	www.googletagmanager.com cyble.com
2	dpm.demdex.net	2 redirects
2	ws.zoominfo.com	js.zi-scripts.com
2	c.clarity.ms	1 redirects
2	fonts.googleapis.com	a.omappapi.com
2	x.clearbitjs.com	tag.clearbitscripts.com
2	api.hubspot.com	js.usemessages.com
2	ib.adnxs.com	1 redirects cyble.com
2	eb2.3lift.com	1 redirects cyble.com
2	dsum-sec.casalemedia.com	1 redirects cyble.com
2	cm.g.doubleclick.net	2 redirects
2	match.adsrvr.org	2 redirects
2	x.adroll.com	s.adroll.com cyble.com
2	td.doubleclick.net	www.googletagmanager.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	www.facebook.com	cyble.com
2	pixel.wp.com	cyble.com
2	videos.files.wordpress.com	cyble.com
2	www.clarity.ms	cyble.com www.clarity.ms
2	www.redditstatic.com	www.googletagmanager.com www.redditstatic.com
2	connect.facebook.net	www.googletagmanager.com connect.facebook.net
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	aplo-evnt.com	assets.apollo.io
2	s.adroll.com	cyble.com www.googletagmanager.com
2	assets.apollo.io	cyble.com www.googletagmanager.com
2	cdn.onesignal.com	cyble.com cdn.onesignal.com
2	js.hs-scripts.com	cyble.com
2	www.g2.com	cyble.com
2	fonts-api.wp.com	cyble.com
1	hemsync.clickagy.com	tags.clickagy.com
1	insight.adsrvr.org	js.adsrvr.org
1	js.adsrvr.org	cyble.com
1	tags.clickagy.com	cyble.com
1	forms.hubspot.com	js.hsleadflows.net
1	track.hubspot.com
1	c.bing.com	1 redirects
1	to.getnitropack.com	cyble.com
1	img.onesignal.com	cyble.com
1	app.clearbit.com	x.clearbitjs.com
1	syndication.twitter.com	cyble.com
1	app.hubspot.com	js.usemessages.com
1	perf-na1.hsforms.com	cyble.com
1	s.w.org	cyble.com
1	tag.clearbitscripts.com	www.googletagmanager.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	api.hubapi.com	js.hsadspixel.net
1	sync.taboola.com	cyble.com
1	image2.pubmatic.com	cyble.com
1	sync.outbrain.com	cyble.com
1	pixel.rubiconproject.com	cyble.com
1	pippio.com	1 redirects
1	x.bidswitch.net	cyble.com
1	alb.reddit.com	cyble.com
1	pixel-config.reddit.com	www.redditstatic.com
1	js.hubspot.com	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	w.soundcloud.com	cyble.com
1	nitroscripts.com	cyble.com
1	stats.wp.com	cyble.com
1	js.hsforms.net	cyble.com
1	s0.wp.com	cyble.com
1	platform.linkedin.com	cyble.com
1	unpkg.co	1 redirects
1	cdnjs.cloudflare.com	cyble.com
281	90

This site contains links to these domains. Also see Links.

Domain
cyble.ai
www.cyble.com
amibreached.com
odin.io
getodin.com
thecyberexpress.com
partnernetwork.cyble.com
partnercentral.cyble.com
cert.gov.ua
www.g2.com
www.linkedin.com
soundcloud.com
trust.cyble.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
tls.automattic.com E6	`2024-12-03` - `2025-03-03`	3 months	crt.sh
wp.com E6	`2024-12-09` - `2025-03-09`	3 months	crt.sh
*.google-analytics.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-03-29` - `2025-03-28`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-24` - `2025-07-25`	a year	crt.sh
www.g2.com WE1	`2024-10-18` - `2025-01-16`	3 months	crt.sh
hs-scripts.com WE1	`2024-11-24` - `2025-02-22`	3 months	crt.sh
hsforms.net WE1	`2024-12-07` - `2025-03-07`	3 months	crt.sh
*.onesignal.com WE1	`2024-10-31` - `2025-01-29`	3 months	crt.sh
apollo.io E6	`2024-10-30` - `2025-01-28`	3 months	crt.sh
s.adroll.com Amazon RSA 2048 M02	`2024-05-03` - `2025-06-01`	a year	crt.sh
nitroscripts.com WE1	`2024-10-25` - `2025-01-23`	3 months	crt.sh
aplo-evnt.com R10	`2024-11-05` - `2025-02-03`	3 months	crt.sh
a.omappapi.com R10	`2024-11-05` - `2025-02-03`	3 months	crt.sh
*.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-02` - `2025-12-01`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-09-18` - `2024-12-17`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-06` - `2025-04-03`	6 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2024-09-04` - `2025-09-04`	a year	crt.sh
g2crowd.com WE1	`2024-10-19` - `2025-01-17`	3 months	crt.sh
*.files.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh
*.soundcloud.com GlobalSign GCC R3 DV TLS CA 2020	`2024-02-06` - `2025-03-09`	a year	crt.sh
hs-analytics.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
hs-banner.com WE1	`2024-11-22` - `2025-02-20`	3 months	crt.sh
hsleadflows.net WE1	`2024-11-27` - `2025-02-25`	3 months	crt.sh
usemessages.com WE1	`2024-12-04` - `2025-03-04`	3 months	crt.sh
hsadspixel.net WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
hubspot.com WE1	`2024-12-01` - `2025-03-01`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-10-13` - `2025-04-11`	6 months	crt.sh
d.adroll.com Amazon RSA 2048 M03	`2024-09-08` - `2025-10-07`	a year	crt.sh
omappapi.com WE1	`2024-10-12` - `2025-01-10`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
*.g.doubleclick.net WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.doubleclick.net WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.adroll.com Amazon RSA 2048 M02	`2024-07-03` - `2025-07-31`	a year	crt.sh
hubapi.com WE1	`2024-11-07` - `2025-02-05`	3 months	crt.sh
clearbitscripts.com Amazon RSA 2048 M03	`2024-05-11` - `2025-06-08`	a year	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
onesignal.com WE1	`2024-10-31` - `2025-01-29`	3 months	crt.sh
*.w.org Sectigo ECC Domain Validation Secure Server CA	`2023-12-18` - `2025-01-17`	a year	crt.sh
hsforms.com WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
clearbitjs.com Amazon RSA 2048 M02	`2024-08-18` - `2025-09-16`	a year	crt.sh
syndication.twitter.com R10	`2024-11-25` - `2025-02-23`	3 months	crt.sh
upload.video.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
clearbit.com Amazon RSA 2048 M03	`2024-08-19` - `2025-09-17`	a year	crt.sh
*.gstatic.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
zi-scripts.com WE1	`2024-11-20` - `2025-02-18`	3 months	crt.sh
getnitropack.com WE1	`2024-12-04` - `2025-03-04`	3 months	crt.sh
zoominfo.com E6	`2024-11-12` - `2025-02-10`	3 months	crt.sh
*.clickagy.com Amazon ECDSA 256 M02	`2024-08-22` - `2025-09-20`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh

This page contains 12 frames:

Primary Page: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Frame ID: 8670511D616AAACF99CF4DB0A88232E7
Requests: 265 HTTP requests in this frame

Frame: https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/1872505476&color=%23cc0000&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true
Frame ID: F57287126C9A169E2FA55D09B99DF1B7
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fcyble.com
Frame ID: 639598D3ADF14F60FBF94DB480ABD117
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/10996750928?random=1733811582969&cv=11&fst=1733811582969&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je4c90v9106873920z8868834701za201&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=2032196222.1733811583&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 40D7BD12E35475F29C0B3DB2F8A0CE23
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/10996750928?random=1733811583055&cv=11&fst=1733811583055&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4c90v9106873920z8868834701za200&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=2032196222.1733811583&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: F8A11C339CDF382771E096142AC2569A
Requests: 1 HTTP requests in this frame

Frame: https://x.adroll.com/pxl/iframe_content.html?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU
Frame ID: 99E938B30EEAB84A9B6A5C98CD4B4E6F
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fcyble.com
Frame ID: EE54BB0AAC493A72512D770DC6090624
Requests: 1 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/7f3850de164a47c192e427a69ebce9ca?uuid=16dee1c1aa0f4081b937eaaf2da21d60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=7f3850de164a47c192e427a69ebce9ca&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false&hideScrollToButton=true&isIOSMobile=false
Frame ID: 09DC7F0E1B2053D164D0B39AFF09D3AF
Requests: 1 HTTP requests in this frame

Frame: https://www.linkedin.com/pages-extensions/FollowCompany?id=14707748&counter=&xdOrigin=https%3A%2F%2Fcyble.com&xdChannel=e1b41b13-3e91-46c3-93f6-242ba8b96d2c&xd_origin_host=https%3A%2F%2Fcyble.com
Frame ID: A39E57F6E910D475B3508D79156EFF21
Requests: 1 HTTP requests in this frame

Frame: https://www.linkedin.com/pages-extensions/FollowCompany?id=14707748&counter=&xdOrigin=https%3A%2F%2Fcyble.com&xdChannel=e1b41b13-3e91-46c3-93f6-242ba8b96d2c&xd_origin_host=https%3A%2F%2Fcyble.com
Frame ID: F4DEA077E4D4E8F7A1F24C293CDD8ADC
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: 9C4F7542965FBC180A0075C025AE70EC
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=ixkqho4&ref=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&upid=x1swie6&upv=1.1.0&paapi=1&gdpr=0&gdpr_consent=undefined
Frame ID: 8B5B2E79EC3B9200B14D333337E40DAE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

UAC-0215 Phishing Campaign Targets Ukraine's Critical Sectors

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

281
Requests

93 %
HTTPS

0 %
IPv6

62
Domains

90
Subdomains

73
IPs

2
Countries

7797 kB
Transfer

14862 kB
Size

100
Cookies

74 Outgoing links

These are links going to different origins than the main page.

URL: https://cyble.ai/auth/login?__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Login

Search URL Search Domain Scan URL

URL: https://www.cyble.com/products/cyble-vision
Title: Award-winning cyber threat intelligence platform, designed to provide enhanced security through real-time intelligence and threat detection.

Search URL Search Domain Scan URL

URL: https://amibreached.com/
Title: AmIBreached

Search URL Search Domain Scan URL

URL: https://odin.io/
Title: Odin by CybleNew

Search URL Search Domain Scan URL

URL: https://getodin.com/
Title: The most advanced internet-scanning tool in the industry for real-time threat detection and cybersecurity

Search URL Search Domain Scan URL

URL: https://thecyberexpress.com/?__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: The Cyber ExpressSubscribe

Search URL Search Domain Scan URL

URL: https://partnernetwork.cyble.com/
Title: Cyble Partner Network (CPN)Join Us

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/login
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/partner/registration
Title: Become a PartnerRegister

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22IT%20%26%20ITES%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: IT & ITES |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Technology%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Technology |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Government%20%26%20LEA%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Government & LEA |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Healthcare%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Healthcare |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22BFSI%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: BFSI

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22United%20States%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: United States |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22Russian%20Federation%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Russian Federation |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22China%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: China |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22United%20Kingdom%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: United Kingdom |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22Germany%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Germany

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22North%20America%20%28NA%29%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: North America (NA) |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Europe%20%26%20UK%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Europe & UK |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Asia%20%26%20Pacific%20%28APAC%29%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Asia & Pacific (APAC) |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Middle%20East%20%26%20Africa%20%28MEA%29%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Middle East & Africa (MEA) |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Australia%20and%20New%20Zealand%20%28ANZ%29%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Australia and New Zealand (ANZ)

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%22a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%227bdbd180c081fa63ca94f9c22c457376%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: 7bdbd180c081fa63ca94f9c22c457376 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%22c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%228c69830a50fb85d8a794fa46643493b2%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: 8c69830a50fb85d8a794fa46643493b2 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%22bbcf7a68f4164a9f5f5cb2d9f30d9790%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: bbcf7a68f4164a9f5f5cb2d9f30d9790

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2024-21887%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: CVE-2024-21887 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2023-46805%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: CVE-2023-46805 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2017-11882%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: CVE-2017-11882 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2024-21893%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: CVE-2024-21893 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2021-44228%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: CVE-2021-44228

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1082%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: T1082 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1140%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: T1140 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1486%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: T1486 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1083%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: T1083 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1105%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: T1105

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA505%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: TA505 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0011%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: TA0011 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0002%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: TA0002 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0001%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: TA0001 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA453%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: TA453

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22security%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: security |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22the-cyber-express%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: the-cyber-express |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22firewall-daily%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: firewall-daily |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22the-cyber-express-news%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: the-cyber-express-news |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22malware%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: malware

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Lockbit%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Lockbit |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Blackcat%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Blackcat |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Lazarus%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Lazarus |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22VoltTyphoon%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: VoltTyphoon |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Kimsuky%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Kimsuky

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22CobaltStrike%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: CobaltStrike |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Qakbot%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Qakbot |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Xmrig%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Xmrig |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Lockbit%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Lockbit |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Icedid%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Icedid

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22Darkreading%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Darkreading |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22The%20Cyber%20Express%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: The Cyber Express |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22Bleepingcomputer%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Bleepingcomputer |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22The%20Hacker%20News%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: The Hacker News |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22Infosecurity%20Magazine%22%5D%7D&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&__hsfp=1372317473
Title: Infosecurity Magazine

Search URL Search Domain Scan URL

URL: https://cert.gov.ua/article/6281076
Title: CERT-UA

Search URL Search Domain Scan URL

URL: https://www.g2.com/products/cyble/take_survey?utm_source=review-widget

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyble-global

Search URL Search Domain Scan URL

URL: https://soundcloud.com/cybercrimemagazine
Title: Cybercrime Magazine

Search URL Search Domain Scan URL

URL: https://soundcloud.com/cybercrimemagazine/ai-cybersecurity-microsoft-recall-beyond-beenu-arora-cyble
Title: AI's Impact On Cybersecurity. Microsoft Recall & Beyond. Beenu Arora, Co-Founder & CEO, Cyble.

Search URL Search Domain Scan URL

URL: https://trust.cyble.com/
Title: Cyble Trust Portal

Search URL Search Domain Scan URL

URL: https://www.cyble.com/
Title: Threat Intelligence Platform

Search URL Search Domain Scan URL

URL: https://twitter.com/cybleglobal
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyble-global/
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@cybleglobal
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 61

https://unpkg.co/gsap@3/dist/gsap.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E HTTP 302
https://unpkg.com/gsap@3/dist/gsap.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E HTTP 302
https://unpkg.com/gsap@3/dist/gsap.min.js HTTP 302
https://unpkg.com/gsap@3.12.5/dist/gsap.min.js

Request Chain 62

https://unpkg.com/gsap@3/dist/Draggable.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E HTTP 302
https://unpkg.com/gsap@3/dist/Draggable.min.js HTTP 302
https://unpkg.com/gsap@3.12.5/dist/Draggable.min.js

Request Chain 176

https://d.adroll.com/cm/b/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg

Request Chain 177

https://d.adroll.com/cm/experian/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3521&partner_device_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3521&partner_device_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=fec3219e-2b65-4b30-9854-f3e517d84284%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=fec3219e-2b65-4b30-9854-f3e517d84284%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=45ba5829-bb14-429e-908b-0eebe8d8e1e2&ttd_puid=fec3219e-2b65-4b30-9854-f3e517d84284%2C%2C

Request Chain 178

https://d.adroll.com/cm/g/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=Ls5UI6xAVnVmp3v0P5QKiA HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=Ls5UI6xAVnVmp3v0P5QKiA&google_tc= HTTP 302
https://d.adroll.com/cm/g/in

Request Chain 179

https://d.adroll.com/cm/index/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&expiration=1765347583 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&expiration=1765347583&C=1

Request Chain 180

https://d.adroll.com/cm/l/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=2ece5423ac40567566a77bf43f940a88 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CMiIFxIrCicIARDqIhogMmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODgQABoNCP-637oGEgUI6AcQAEIASgA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=faff57a8593e565e8c8fcdaca62f3878a6421859fa8d3b48223fe1489e7d3d91791426b5417dce21&_=2 HTTP 307
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=faff57a8593e565e8c8fcdaca62f3878a6421859fa8d3b48223fe1489e7d3d91791426b5417dce21&rand=08388349

Request Chain 181

https://d.adroll.com/cm/n/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&expires=365

Request Chain 182

https://d.adroll.com/cm/o/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=2ece5423ac40567566a77bf43f940a88&gdpr=0&gdpr_consent= HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=2ece5423ac40567566a77bf43f940a88&gdpr=0&gdpr_consent=&cc=1

Request Chain 183

https://d.adroll.com/cm/outbrain/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&gdpr=0&gdpr_consent=&us_privacy=1---

Request Chain 184

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 185

https://d.adroll.com/cm/taboola/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg

Request Chain 186

https://d.adroll.com/cm/triplelift/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=

Request Chain 187

https://d.adroll.com/cm/x/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DMmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg

Request Chain 196

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1733811583603&li_adsId=89fd315c-b8b2-41b1-89db-b7327b65d29b&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1733811583603&li_adsId=89fd315c-b8b2-41b1-89db-b7327b65d29b&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D5254356%26time%3D1733811583603%26li_adsId%3D89fd315c-b8b2-41b1-89db-b7327b65d29b%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Fphishing-campaign-targeting-ukraine-uac-0215%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1733811583603&li_adsId=89fd315c-b8b2-41b1-89db-b7327b65d29b&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&tm=gtmv2&cookiesTest=true&liSync=true

Request Chain 259

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=B5F216842D434F88BBF5BF9A824892E3&RedC=c.clarity.ms&MXFR=08820B56E6676FBD17931E07E26761B1 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B5F216842D434F88BBF5BF9A824892E3&MUID=384684346E6A689F24C591656F7669A7

Request Chain 275

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag&ws=1 HTTP 302
https://idsync.rlcdn.com/420246.gif?partner_uid=Z1fdg5ssjfEn7Zqvx9duM0OP HTTP 307
https://aorta.clickagy.com/pixel.gif?ch=114&cm=2e16fe1be0f1fbc37316c9ffe7913813edb3df5af1af6f9b8b7c27a355cb98fa25abae5358c0e7bc HTTP 302
https://dpm.demdex.net/ibs:dpid=79908&dpuuid=Z1fdg2sVN0iWkP7kUXr9_o7Q&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D124%26cm%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=79908&dpuuid=Z1fdg2sVN0iWkP7kUXr9_o7Q&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D124%26cm%3D%24%7BDD_UUID%7D HTTP 302
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=124&cm=78748116474472235332090924422301775190 HTTP 302
https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D HTTP 302
https://aorta.clickagy.com/pixel.gif?ch=4&cm=79d4eff2-5262-41cf-a67f-db3cb2ae8353&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537073026%26val%3D%7Bvisitor_id%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073026&val=Z1fdg2sVN0iWkP7kUXr9_o7Q

281 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/ 468 KB
66 KB 3428ms
3290ms Document
text/html 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

60893dad7355da8c2a46dfa7e3649667bacd46e975099cf4daf79984e6f301d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-edge-cache: cache,platform=wordpress
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 10 Dec 2024 06:19:41 GMT
host-header: WordPress.com
link: <https://cyble.com/wp-json/>; rel="https://api.w.org/" <https://cyble.com/wp-json/wp/v2/posts/69814>; rel="alternate"; title="JSON"; type="application/json" <https://wp.me/pf01Lu-ia2>; rel=shortlink
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding accept, content-type, cookie
x-ac: 3.mia _atomic_dca MISS
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-hacker: Want root? Visit join.a8c.com and mention this header.
x-nitro-cache: MISS
x-nitro-disabled: 1
x-nitro-disabled-reason: url not allowed
x-xss-protection: 1; mode=block

GET c942a6a7-f2e4-41fb-b0ba-10f3a689e351
https://cyble.com/ Frame 0
0

GET
H2 200 related-posts.css
c0.wp.com/p/jetpack/14.1/modules/related-posts/ 7 KB
2 KB 218ms
114ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/14.1/modules/related-posts/related-posts.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

d3464756d074e73852d37e33c5113f5091731620ec0429917a74f1d6a80d02d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 06:19:41 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:41 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Mon, 22 Jan 2024 19:02:16 GMT

GET
H2 200 style.css
cyble.com/wp-content/plugins/gutenberg/build/block-library/ 113 KB
15 KB 70ms
69ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/block-library/style.css?ver=19.7.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

116f7f1694a68142058c98492da5867364419dc5eb682c8c12a14b70a9377ba0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67478eee-1c3ab"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Wed, 27 Nov 2024 21:28:14 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 frontend.min.css
cyble.com/wp-content/themes/astra/assets/css/minified/ 48 KB
10 KB 70ms
69ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c8b34d1dc6fe4a35430145b91b748edc088120ef291c09a9dea9e62f87ce3af0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67460f42-befd"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Tue, 26 Nov 2024 18:11:14 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 css
fonts-api.wp.com/ 5 KB
1 KB 328ms
207ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

80b0a5f7cd77876b8cba22b64a51004354570213a17e39942a8fc0cff220823a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding, Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding
last-modified: Tue, 10 Dec 2024 06:19:41 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-nc: BYPASS mia 1
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: nginx

GET
H2 200 frontend.css
cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/ 78 KB
9 KB 67ms
66ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=2.0.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

af9a996c2c81dfd42f250744c203f1c5cea19f97d95529eace340098a6f43eb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"674f38b7-136cb"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Tue, 03 Dec 2024 16:58:31 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 style.css
cyble.com/wp-content/plugins/layout-grid/ 58 KB
3 KB 68ms
66ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/layout-grid/style.css?ver=1643201242

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4ff079893cbfe8eebd0d49b7c8bcbeba131173b3e0da0e13210ad611869e0e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"61f142da-e64d"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Wed, 26 Jan 2022 12:47:22 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/6.7.1/wp-includes/js/mediaelement/ 11 KB
3 KB 211ms
112ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 06:19:41 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:41 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Tue, 29 Sep 2020 15:53:06 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/6.7.1/wp-includes/js/mediaelement/ 4 KB
1 KB 212ms
113ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 06:19:41 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:41 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Fri, 07 Jun 2019 20:45:02 GMT

GET
H2 200 front.min.css
cyble.com/wp-content/plugins/cookie-notice/css/ 5 KB
1 KB 67ms
67ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=2.5.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

029dedf319bc4536d9c663ae9c0b10c95d1e9f5dd1de0aa73172e9e89ae254cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67476ed1-13c8"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Wed, 27 Nov 2024 19:11:13 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 header-footer-elementor.css
cyble.com/wp-content/plugins/header-footer-elementor/assets/css/ 776 B
607 B 67ms
62ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=2.0.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"674f38b6-308"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Tue, 03 Dec 2024 16:58:30 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 frontend.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 59 KB
8 KB 67ms
63ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7e39ca202285330a13588739f235a578d206d90662ff2be89581352324b29cc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8af-ec9f"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 swiper.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/swiper/v8/css/ 16 KB
5 KB 68ms
63ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/swiper/v8/css/swiper.min.css?ver=8.4.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c57e64fcb72bddafa9c38de574441c3e69ac6c961df96b0cad34da83658bd196

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-4057"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 e-swiper.min.css
cyble.com/wp-content/plugins/elementor/assets/css/conditionals/ 10 KB
1 KB 68ms
63ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/conditionals/e-swiper.min.css?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9bc52b3c4e9973d64baa482f332ed895f80d0cd2be37e6a49bf1a2e831eb5ac9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8af-2814"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 post-5708.css
cyble.com/wp-content/uploads/elementor/css/ 1 KB
718 B 68ms
64ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-5708.css?ver=1732561088

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8149b77a96ece76089f6f3203e8931c73b63d1fe943566f42ab6aaf103167fb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8c0-4bd"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:08 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 popup.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/conditionals/ 974 B
686 B 122ms
118ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/conditionals/popup.min.css?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

104a8d629d83b0015aceaccb0ccff6178efeff33c99a132a148728f800431b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-3ce"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 uael-frontend.min.css
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/ 640 KB
70 KB 121ms
117ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/uael-frontend.min.css?ver=1.37.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5f206a31c6eec959fb4867ae9ebb52796fc70a61a5c33a7aa83ed00ecb0ef964

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"674abe45-9fe15"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Sat, 30 Nov 2024 07:27:01 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-social-icons.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 5 KB
1 KB 122ms
118ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-social-icons.min.css?ver=3.24.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0cd088147551ecae9b1e29c2ac532c56bb99132973e1310f4911d7fa31997a12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8af-130b"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 brands.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 732 B
646 B 122ms
119ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.css?ver=5.15.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5009a34e30063ffb89185274681b359ae8c7dac19a606d5b1456ee3524cbc9b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-2dc"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 fontawesome.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 70 KB
13 KB 123ms
119ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.css?ver=5.15.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d417b6ed49cb6ae3dfe2b0bab5d865472052cd0286a9478c74cbb09a02a56d0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-119f8"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 solid.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 727 B
649 B 123ms
120ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.css?ver=5.15.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

93cf6e96459e42f9f656e03ec4800578dc2c021dcde475c9e5e891a7780b0866

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-2d7"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 post-9211.css
cyble.com/wp-content/uploads/elementor/css/ 23 KB
3 KB 123ms
120ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-9211.css?ver=1733738166

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

085f1c63aab752f05fb97467a71718350db0c975cef72e035fac1077ea68abbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6756beb6-5a64"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 09 Dec 2024 09:56:06 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 subscription-modal.css
c0.wp.com/p/jetpack/14.1/modules/comments/subscription-modal-on-comment/ 2 KB
877 B 210ms
115ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/14.1/modules/comments/subscription-modal-on-comment/subscription-modal.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4191046282188511e39192189081ce8d7e1788b15e33e3f567c35bfafe70ae0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 06:19:41 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:41 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Mon, 22 Jan 2024 19:02:16 GMT

GET
H2 200 style.css
c0.wp.com/p/jetpack/14.1/modules/likes/ 5 KB
2 KB 209ms
114ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/14.1/modules/likes/style.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

fa8d2aa34c3125a0fce865a24d0f39bd388269f4ee2c41786dc6c400a023dbb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 06:19:41 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:41 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Mon, 25 Mar 2024 18:39:50 GMT

GET
H2 200 astra-addon-6748b26df282a9-42838972.css
cyble.com/wp-content/uploads/astra-addon/ 50 KB
7 KB 123ms
121ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/astra-addon/astra-addon-6748b26df282a9-42838972.css?ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

dfb10d80519eef92b73d18d564188be9de6b6c95c63ecfda24285082cf0e110c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6748b26d-c75d"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Thu, 28 Nov 2024 18:11:57 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 post-19102.css
cyble.com/wp-content/uploads/elementor/css/ 30 KB
4 KB 123ms
120ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-19102.css?ver=1732561088

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

54e6a6164f69c9bc0c9098f976648a49f31cc5fae95c9484af6853e800965e8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8c0-7962"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:08 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-heading.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 600 B
493 B 123ms
119ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-heading.min.css?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

768ce279895a5bf92b52e3fd9141ec2e700dd614070e7f6f56ba0e75533fd08b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8af-258"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-image.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 254 B
569 B 125ms
121ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-image.min.css?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c96637576deebc6e435e2c5a65868b0db2d57b477009d704f050c51a50abd4a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
etag: "6744c8af-fe"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 254
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx

GET
H2 200 widget-post-info.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 560 B
513 B 123ms
119ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-post-info.min.css?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

358672523e539e3589b7eb66dceffe2c3534ead1c956c0374092ee1b3d1e65ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-230"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-icon-list.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 10 KB
1 KB 123ms
118ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

89bb54e03aff26116dd642771d281a558e3bab02d9233ec66e9bac269b6780c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8af-26c9"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 bounceIn.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/animations/styles/ 367 B
683 B 124ms
119ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/animations/styles/bounceIn.min.css?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

02ae6101096a037cafe3c0bb64a0cb7faf1d617bf6afe35b3405f02f03096b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
etag: "6744c8b0-16f"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 367
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx

GET
H2 200 fadeIn.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/animations/styles/ 77 B
391 B 133ms
128ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/animations/styles/fadeIn.min.css?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d9c370831c74b1850d70f5b1c99453d6cda21e5099428a3f21c43bd96c3acb5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
etag: "6744c8b0-4d"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 77
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx

GET
H2 200 widget-call-to-action.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 11 KB
2 KB 125ms
121ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-call-to-action.min.css?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

068d01d2f5a618b2dbc3828da4bb6217feb4e7742c1ddb926473a2968d9917e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-2d28"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 transitions.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/conditionals/ 7 KB
992 B 125ms
121ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/conditionals/transitions.min.css?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

63bc9667d37a904feb7751646abe3e677541f4de361aab8038776a3f27c988f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-1c58"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-image-box.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 1 KB
660 B 126ms
122ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-image-box.min.css?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

fb4761991a37966a1db7dc20ff07f33eb2810425ec87b862107c9ae3f4b549a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8af-581"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-share-buttons.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 32 KB
3 KB 126ms
122ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-share-buttons.min.css?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9ab5fc4c6878070bab4f04176d58c0c5172e227b28bdb02ee4594c7cddb5a11c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-7f52"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 apple-webkit.min.css
cyble.com/wp-content/plugins/elementor/assets/css/conditionals/ 7 KB
938 B 126ms
123ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/conditionals/apple-webkit.min.css?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

dbcfa5b88d853f525bf14ec9ef3e1227b62a8579cc9aa4796c72b655d6a98532

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8af-1b9c"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-post-navigation.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 2 KB
847 B 127ms
123ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-post-navigation.min.css?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f41b0ed4eb477d5bdbeaddcbfa39b3da2d85901f3bcabc525335e0e153eaacef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-945"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-posts.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 14 KB
3 KB 127ms
124ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-posts.min.css?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f859a8cc18d7cd132b29e699b4ffb33b7ff83f74b4c73df293c806d18bc7c231

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-3858"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 post-29249.css
cyble.com/wp-content/uploads/elementor/css/ 21 KB
3 KB 127ms
124ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-29249.css?ver=1733392119

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5aa829951ee5d3932eb7689133dc79f5e8156cde680637cb6f87cc6c33a46d5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675176f7-53d4"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Thu, 05 Dec 2024 09:48:39 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 post-59717.css
cyble.com/wp-content/uploads/elementor/css/ 2 KB
860 B 127ms
125ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-59717.css?ver=1732561088

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f7daf92d34ab4b3159b92726a0d12c15ea1dac04811e2536192854ca24271201

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8c0-660"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:08 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 post-55787.css
cyble.com/wp-content/uploads/elementor/css/ 1 KB
794 B 128ms
125ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-55787.css?ver=1732561088

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0eb0fd9517c69d0c495a9ae4dde49828daf40cb663580cbfb8065ca72e9d01fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8c0-5fc"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:08 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 public.css
cyble.com/wp-content/plugins/recent-posts-widget-with-thumbnails/ 1 KB
788 B 128ms
126ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/recent-posts-widget-with-thumbnails/public.css?ver=7.1.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

841877ad87c6b92f15ea82ac53484bd2f5a1504d3cea91e30e631f874dc3f19e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"66ba14b1-43b"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 12 Aug 2024 13:57:05 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-icon-list.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 10 KB
1 KB 128ms
126ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css?ver=3.24.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

89bb54e03aff26116dd642771d281a558e3bab02d9233ec66e9bac269b6780c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8af-26c9"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-blockquote.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 5 KB
1 KB 128ms
126ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-blockquote.min.css?ver=3.25.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e075a50ed4fe42b9a1e7c1d52a00c71d205a55fa7278b07648078fd7cd7fd5ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-1469"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 css
fonts-api.wp.com/ 128 KB
5 KB 443ms
332ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.7.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

46600e0d3986fc826a392eb547f29876bae02fffc6259a5330d6db55adf1393f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding, Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding
last-modified: Tue, 10 Dec 2024 06:19:41 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-nc: BYPASS mia 1
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: nginx

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/jquery/ 86 KB
31 KB 204ms
115ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/jquery/jquery.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 06:19:41 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:41 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Mon, 28 Aug 2023 17:14:23 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/jquery/ 13 KB
5 KB 200ms
116ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 06:19:41 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:41 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Fri, 09 Jun 2023 05:49:24 GMT

GET
H2 200 related-posts.min.js Show response
c0.wp.com/p/jetpack/14.1/_inc/build/related-posts/ 6 KB
2 KB 200ms
117ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/14.1/_inc/build/related-posts/related-posts.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 06:19:41 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:41 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Mon, 19 Jun 2023 19:16:27 GMT

GET
H2 200 front.min.js Show response
cyble.com/wp-content/plugins/cookie-notice/js/ 8 KB
2 KB 124ms
123ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.5.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67476ed1-21fc"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Wed, 27 Nov 2024 19:11:13 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 427 KB
136 KB 247ms
96ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

0233a6911a317d7de430575bd9db2776c25cc9131abd9e280bb065fff1818443

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 10 Dec 2024 06:19:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 138760
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 /
cyble.com/ 13 KB
4 KB 1015ms
1014ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/?custom-css=a62b733676

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c26aaa5b7a820c774786f40b28be241ddb4257312745121c33b7428699501002

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-ac: 3.mia _atomic_dca MISS
strict-transport-security: max-age=31536000
cf-edge-cache: cache,platform=wordpress
cache-control: no-cache
content-encoding: br
expires: Wed, 10 Dec 2025 06:19:42 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
host-header: WordPress.com
content-type: text/css;charset=utf-8
vary: Accept-Encoding, accept, content-type, cookie
server: nginx
x-hacker: Want root? Visit join.a8c.com and mention this header.

GET
H2 200 cropped-Cyble-Threat-Intelligence.png
i0.wp.com/cyble.com/wp-content/uploads/2024/01/ 2 KB
2 KB 135ms
30ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png?resize=150%2C50&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

9d02f1a51000b5df3329a443ce51f1e8e5052e4d9acf2dde92af8907c0f32860

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "27bacd8ed6ecbdd7"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Sun, 05 Apr 2026 00:06:30 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: image/webp
last-modified: Thu, 04 Apr 2024 12:06:30 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT mia 2
access-control-allow-origin: *
content-length: 2048
server: nginx

GET
H2 200 Cyble-Black-Logo-1-2127859258-1637602085949.png
cyble.com/wp-content/uploads/2021/11/ 57 KB
58 KB 116ms
115ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2021/11/Cyble-Black-Logo-1-2127859258-1637602085949.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7d12aff8ee5cdb12ff8c234e4ff7168c52d8d7522be165b9c1fc9698f15b2123

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "619bd325-e5ac"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 07:17:27 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 58796
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: image/png
last-modified: Mon, 22 Nov 2021 17:28:05 GMT
server: nginx

GET
H2 200 hawk.png
cyble.com/wp-content/uploads/2024/01/ 4 KB
5 KB 116ms
116ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/01/hawk.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d3e5d32e12dd4b8462cc89b6ea7b148b63a9f7a80b5879257df116c030c9c10c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "65ae78a5-11a0"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 07:17:27 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 4512
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: image/png
last-modified: Mon, 22 Jan 2024 14:16:05 GMT
server: nginx

GET
H3 200 favicon-32x32-1.png
cyble.com/wp-content/uploads/2024/05/ 1 KB
2 KB 99ms
99ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/05/favicon-32x32-1.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

444ddf787deff39d7f0971825470863a3086ad0a5050c3e62eeb43f054840a4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "664efb6a-5a2"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 07:17:27 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 1442
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: image/png
last-modified: Thu, 23 May 2024 08:16:42 GMT
server: nginx

GET
H3 200 favicon-2-1.webp
cyble.com/wp-content/uploads/2024/09/ 862 B
1 KB 69ms
69ms Image
image/webp 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/09/favicon-2-1.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4603778746bf8372d75ec7350fe3a07572fc909aaee89fc89595fc93c82699f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "66f1503e-35e"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 07:17:27 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 862
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: image/webp
last-modified: Mon, 23 Sep 2024 11:25:50 GMT
server: nginx

GET
H3 200 CyberExpress-logo-icon-2024.png
cyble.com/wp-content/uploads/2024/07/ 13 KB
13 KB 66ms
65ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/07/CyberExpress-logo-icon-2024.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cb12197731dc09800fdafd6a73fb48db5b8d62169139184d0b6fc729192fee50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "6699efa8-337a"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 07:17:27 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 13178
date: Tue, 10 Dec 2024 06:19:41 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: image/png
last-modified: Fri, 19 Jul 2024 04:46:32 GMT
server: nginx

GET
H3 200 products-img-copy.webp
cyble.com/wp-content/uploads/2024/05/ 116 KB
116 KB 56ms
50ms Image
image/webp 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/05/products-img-copy.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bac4ad58a5fd50a805c9b5fb87e844c16c61ea654bf12a8067fef84062ad7d31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "664f150e-1cf8c"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 07:17:27 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 118668
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: image/webp
last-modified: Thu, 23 May 2024 10:06:06 GMT
server: nginx

GET
H3 200 web-image-04-2.webp
cyble.com/wp-content/uploads/2024/11/ 32 KB
33 KB 68ms
63ms Image
image/webp 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/11/web-image-04-2.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0d5b75c856840e6416a09983363ebc6fccf18c130675a5034ff8094e9bdbb0da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "6749ac56-80ec"
access-control-allow-methods: GET, HEAD
expires: Sat, 29 Nov 2025 13:59:31 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 33004
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: image/webp
last-modified: Fri, 29 Nov 2024 11:58:14 GMT
server: nginx

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 89ms
40ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "603e8adc-15d9d"
age: 512056
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dvVECqXGrFcVHHaz7fs6dBW9g2mkOkiMyhn9x7xsXVCjMVjC8oeBvnwgZQ0PKoHVdMgdzHL78l7CWfLuU4WSPm2BcwzHq2ZupNoDcv1ug1%2Fv4ZLAXi2xDRUzHKmXIVjayV2qZMvf"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sun, 30 Nov 2025 06:19:42 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8efb1ff39b6e9ab4-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27938
server: cloudflare

GET
H2

200

gsap.min.js Show response
unpkg.com/gsap@3.12.5/dist/
Redirect Chain

https://unpkg.co/gsap@3/dist/gsap.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E
https://unpkg.com/gsap@3/dist/gsap.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E
https://unpkg.com/gsap@3/dist/gsap.min.js
https://unpkg.com/gsap@3.12.5/dist/gsap.min.js

71 KB
34 KB

45ms
44ms

Script
application/javascript

104.17.247.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/gsap@3.12.5/dist/gsap.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Server

104.17.247.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28033e449a31ebcc396e5be8b13b63152bf03094288fb5867034321927bce087

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: "11a16-LSb0wGBJGsmA0JymhziNNhAlbrc"
age: 1021464
x-content-type-options: nosniff
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01JDS5DSQD7SX6KE3K70DREC38-mia
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000
via: 1.1 fly.io
cf-ray: 8efb1ff5ceb1a67a-MIA
access-control-allow-origin: *
server: cloudflare

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, s-maxage=600, max-age=60
location: /gsap@3.12.5/dist/gsap.min.js
content-encoding: br
cf-cache-status: EXPIRED
x-content-type-options: nosniff
via: 1.1 fly.io
cf-ray: 8efb1ff52e2aa67a-MIA
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: text/plain; charset=utf-8
vary: Accept, Accept-Encoding
fly-request-id: 01JEQKJDA6A273253GBKWYP13C-mia
server: cloudflare

GET
H2

200

Draggable.min.js Show response
unpkg.com/gsap@3.12.5/dist/
Redirect Chain

https://unpkg.com/gsap@3/dist/Draggable.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E
https://unpkg.com/gsap@3/dist/Draggable.min.js
https://unpkg.com/gsap@3.12.5/dist/Draggable.min.js

35 KB
18 KB

49ms
48ms

Script
application/javascript

104.17.247.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/gsap@3.12.5/dist/Draggable.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Server

104.17.247.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7851a6e073db7e856a91241c222624ca463042b17666cff2772b5e4ac64436a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "8a94-HTZjIxm5OZUF37t9NM8RcD3q8Uo"
age: 24750430
x-content-type-options: nosniff
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HQNZQ6G0V6BB1RWYZXA1R032-mia
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000
via: 1.1 fly.io
cf-ray: 8efb1ff59e8fa67a-MIA
access-control-allow-origin: *
server: cloudflare

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, s-maxage=600, max-age=60
location: /gsap@3.12.5/dist/Draggable.min.js
content-encoding: br
cf-cache-status: EXPIRED
x-content-type-options: nosniff
via: 1.1 fly.io
cf-ray: 8efb1ff52e2ba67a-MIA
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: text/plain; charset=utf-8
vary: Accept, Accept-Encoding
fly-request-id: 01JEQKJDA6SEZHEMXBG1EHCGV0-mia
server: cloudflare

GET
H2 200 Cyble-Blogs-UAC-0215-Phishing.jpg
i0.wp.com/cyble.com/wp-content/uploads/2024/10/ 21 KB
21 KB 195ms
90ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/10/Cyble-Blogs-UAC-0215-Phishing.jpg?w=800&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

488c61b1e9b0b33d58f29ea36304b03b688b2107afebe80a78e2053c81244adc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "94dd433824b79cb3"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Thu, 10 Dec 2026 18:19:42 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: image/webp
last-modified: Tue, 10 Dec 2024 06:19:42 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/10/Cyble-Blogs-UAC-0215-Phishing.jpg>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: MISS mia 2
access-control-allow-origin: *
content-length: 21142
server: nginx

GET
H2 200 Banner-1200-x-90.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/08/ 36 KB
36 KB 128ms
31ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/08/Banner-1200-x-90.webp?w=1200&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

67949cf81b1031891a9ce94e48a4d7f2eb8bf47f945f0eb8b6dadaa1b00d4ca9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "9a635b971b0b1ac2"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Fri, 27 Nov 2026 21:16:17 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: image/webp
last-modified: Wed, 27 Nov 2024 09:16:17 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/08/Banner-1200-x-90.webp>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT mia 1
access-control-allow-origin: *
content-length: 36514
server: nginx

GET
H2 200 in.js Show response
platform.linkedin.com/ 511 KB
160 KB 308ms
61ms Script
text/javascript 23.218.218.161
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.218.218.161 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-218-218-161.deploy.static.akamaitechnologies.com

Software

Play /

Resource Hash

2d425e13cca65eb80ff0254b9087c4dafc545509e33973f304a7240dc3a19af4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
x-li-fabric: prod-lva1
x-content-type-options: nosniff
expires: Tue, 10 Dec 2024 06:55:11 GMT
x-li-proto: http/1.1
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: text/javascript; charset=UTF-8
x-cdn-client-ip-version: IPV4
vary: Accept-Encoding
x-li-pop: prod-lva1-x
cache-control: public, max-age=3600
x-cdn: AKAM
x-li-uuid: AAYo5B/RrYm3tX2piJ/BDw==
content-length: 163892
server: Play
x-edgeconnect-midmile-rtt: 0
x-edgeconnect-origin-mex-latency: 49

GET
H2 200 widgets.js Show response
platform.twitter.com/ 91 KB
27 KB 210ms
87ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
access-control-allow-methods: GET
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date: Tue, 10 Dec 2024 06:19:42 GMT
last-modified: Mon, 11 Dec 2023 17:20:28 GMT
vary: Accept-Encoding
x-served-by: cache-iad-kiad7000057-IAD
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=1800
tw-cdn: FT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27597
x-amz-server-side-encryption: AES256

GET
H2 200 stars
www.g2.com/products/cyble/widgets/ 19 KB
21 KB 256ms
158ms Image
image/png 104.16.186.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.g2.com/products/cyble/widgets/stars?color=white&type=reviews

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.186.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

335232b6561e0fbf8142961ab04844d975fb1f4ba7ea1e0535557897da8ce364

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src * 'self' .g2crowd.com .g2.com; frame-src * 'self' .g2crowd.com .g2.com; font-src * data: 'self' .g2crowd.com .g2.com; form-action * 'self' .g2crowd.com .g2.com; img-src * data: blob: 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src * blob: 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' .g2crowd.com .g2.com; style-src * 'unsafe-inline' 'self' .g2crowd.com .g2.com; worker-src * blob: 'self' .g2crowd.com .g2.com; frame-ancestors *
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-request-id: 355323c7-6644-48c2-899e-cb5067230b1a
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"604ffbc0e47b8197f0bcd7d7112d83bd"
x-scrapable-source-location: widgets#stars
x-permitted-cross-domain-policies: none
we_are_hiring: https://company.g2.com/careers/open-positions
x-content-type-options: nosniff
x-scrapable-route: false
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: image/png
content-disposition: inline; filename="white-9.png"; filename*=UTF-8''white-9.png
vary: Origin,Accept-Encoding
last-modified: Mon, 09 Dec 2024 19:23:04 GMT
x-runtime: 0.018489
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src * 'self' *.g2crowd.com *.g2.com; frame-src * 'self' *.g2crowd.com *.g2.com; font-src * data: 'self' *.g2crowd.com *.g2.com; form-action * 'self' *.g2crowd.com *.g2.com; img-src * data: blob: 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src * blob: 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' *.g2crowd.com *.g2.com; style-src * 'unsafe-inline' 'self' *.g2crowd.com *.g2.com; worker-src * blob: 'self' *.g2crowd.com *.g2.com; frame-ancestors *
cache-control: max-age=0, private, must-revalidate
accept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8efb1ff5bc1c7472-MIA
x-datadome: protected
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 Stay-Ahead-of-Cyber-Threats-300x300-02a-1.gif
i0.wp.com/cyble.com/wp-content/uploads/2024/01/ 43 KB
44 KB 45ms
42ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/01/Stay-Ahead-of-Cyber-Threats-300x300-02a-1.gif?fit=300%2C300&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

9d2c8f34912c4d2e7f1d5ca8b1a6696c65bea86c646beea1eb550b897c61bf50

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "f6b9ad8a4caf0941"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Sat, 05 Dec 2026 21:50:46 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: image/webp
last-modified: Thu, 05 Dec 2024 09:50:46 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/01/Stay-Ahead-of-Cyber-Threats-300x300-02a-1.gif>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT mia 3
access-control-allow-origin: *
content-length: 44268
server: nginx

GET
H2 200 banner-1500-x-2000-3-1.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/10/ 93 KB
94 KB 65ms
64ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/10/banner-1500-x-2000-3-1.webp?fit=1200%2C1600&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

ff2a8b60278dd156c3d3053a9237262bedee76758475fbe38e81eece6fc020b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "e4a6b8de8cb496f1"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Fri, 27 Nov 2026 20:02:36 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: image/webp
last-modified: Wed, 27 Nov 2024 08:02:36 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/10/banner-1500-x-2000-3-1.webp>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT mia 7
access-control-allow-origin: *
content-length: 95644
server: nginx

GET
H2 200 CISO-web-homepage-1.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/07/ 56 KB
56 KB 66ms
65ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/07/CISO-web-homepage-1.webp?fit=710%2C1004&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

1720f9f3ba818b6997a7a09443b08b846186066911e58f8c47f793bd811912d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "cfd6dcac840987f7"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Fri, 27 Nov 2026 21:39:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: image/webp
last-modified: Wed, 27 Nov 2024 09:39:00 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/07/CISO-web-homepage-1.webp>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT mia 1
access-control-allow-origin: *
content-length: 57186
server: nginx

GET
H2 200 Cyble-Blogs-weekly-Vulnerability.jpg
i0.wp.com/cyble.com/wp-content/uploads/2024/12/ 495 KB
496 KB 85ms
84ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/12/Cyble-Blogs-weekly-Vulnerability.jpg?fit=1200%2C600&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

5e9a40b65b24273f15ea3f994bc4ba59b451c171f0e461b85af4b7ab5d7457fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "bbe02005dcc675e6"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Thu, 10 Dec 2026 02:20:35 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: image/webp
last-modified: Mon, 09 Dec 2024 14:20:35 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/12/Cyble-Blogs-weekly-Vulnerability.jpg>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT mia 3
access-control-allow-origin: *
content-length: 507122
server: nginx

GET
H2 200 CybleBlogs-3-1.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/12/ 225 KB
225 KB 148ms
147ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/12/CybleBlogs-3-1.webp?fit=1200%2C600&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

a4db61a80da765a71da6deb63d1545e138432a34f244d577e1c6cca06303e42e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "22105925fc9d2015"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Thu, 10 Dec 2026 17:45:13 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: image/webp
last-modified: Tue, 10 Dec 2024 05:45:13 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/12/CybleBlogs-3-1.webp>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: MISS mia 4
access-control-allow-origin: *
content-length: 229910
server: nginx

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 6 KB
3 KB 33ms
29ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202450
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 40cb25cf386062cf660429f20aa17b915e9537d688d55743758aff5e9525a38e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
etag: W/"666afffe-1849"
access-control-allow-methods: GET, HEAD
expires: Tue, 09 Dec 2025 00:00:00 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 4.mia _dca MISS
content-type: application/javascript
last-modified: Thu, 13 Jun 2024 14:19:42 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 3 KB
797 B 130ms
129ms Script
application/javascript 104.16.139.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.139.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3d70612d910dc4ecf3d0b016f74929004d5345ebd0b97ce70c2d6c0ff90dafa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: EXPIRED
x-content-type-options: nosniff
expires: Tue, 10 Dec 2024 06:21:12 GMT
date: Tue, 10 Dec 2024 06:19:42 GMT
x-hubspot-correlation-id: c07c5bee-dcbc-4a5e-9f7d-edbc0d556c3e
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Tue, 10 Dec 2024 06:19:42 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8efb1ff54aa97487-MIA
accept-ranges: bytes
access-control-allow-origin: https://cyble.com
content-length: 707
server: cloudflare

GET
H3 200 v2.js Show response
js.hsforms.net/forms/embed/ 484 KB
156 KB 86ms
48ms Script
application/javascript 104.18.142.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/embed/v2.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.142.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-request-id: cf2f30cc-cf3a-4652-82a4-b55bb6d09c53
content-encoding: gzip
cf-cache-status: HIT
etag: W/"53fa063fb1734ce6bb187c96e7665972"
x-amz-version-id: kLVNDW8Ykh6K0rP5.B3EI30fJIwAAkz3
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
age: 327
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FiQ%2F%2F166le6ffyxkWSPbvemC7m9i0zkMxwC7bvi0g0Ig2bDWzyJinchQCGbkWDJjY5ke6gpIk50u2I6aOmQLkNyMmOxHfpDMIorG3fQFHiuvzMblfu4OGVU62x9Lixgk"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: ZBSp6UuXdGRg83SJIX1KnFhw_rmKbFxYUswBOkMX_MIRzkrYwDeFAQ==
x-hubspot-correlation-id: cf2f30cc-cf3a-4652-82a4-b55bb6d09c53
content-type: application/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 17:07:16 UTC
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-jr57s
x-envoy-upstream-service-time: 3
x-hs-target-asset: forms-embed/static-1.6227/bundles/project-v2.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Tue, 10 Dec 2024 06:19:42 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.6227/bundles/project-v2.js&cfRay=8ebb467a3fcedd21-ATL
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
cf-ray: 8efb1ff43fd1747d-MIA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 cropped-Cyble-Threat-Intelligence.png
i0.wp.com/cyble.com/wp-content/uploads/2024/01/ 4 KB
5 KB 121ms
119ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png?fit=300%2C100&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

7c62e2dd759bf92e6098e34877ea502a6c161ec325bb677703aba53ec6886d53

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "dca005e7e2e3bf84"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Fri, 27 Nov 2026 19:06:03 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: image/webp
last-modified: Wed, 27 Nov 2024 07:06:03 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT mia 2
access-control-allow-origin: *
content-length: 4562
server: nginx

GET
H3 200 widget-text-editor.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 704 B
529 B 35ms
31ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-text-editor.min.css?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8774a849519bd33b973e8b0deb311ce92a48e0803fb8c78fccd5e06251ef0623

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8af-2c0"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 widget-social-icons.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 5 KB
1 KB 36ms
30ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-social-icons.min.css?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0cd088147551ecae9b1e29c2ac532c56bb99132973e1310f4911d7fa31997a12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8af-130b"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 magamenu-frontend.min.css
cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/ 0
297 B 38ms
31ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/magamenu-frontend.min.css?ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
etag: "6748b262-0"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Thu, 28 Nov 2024 18:11:46 GMT
server: nginx

GET
H3 200 motion-fx.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/modules/ 639 B
549 B 39ms
30ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/modules/motion-fx.min.css?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f16c3ea44afc678d334551e6d587690abe2c70306c21cbd41bf675cefe9efe6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-27f"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 sticky.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/modules/ 162 B
465 B 39ms
30ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/modules/sticky.min.css?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6f0b2e96bd88c2d8512dfd204adaf2251376467a1f834a51c66ce85f0051979d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
etag: "6744c8b8-a2"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 162
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/themes/astra/assets/js/minified/ 23 KB
6 KB 41ms
31ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

495fed24d3e9684ea506e6b7128c5ae3f8bb59a053dbf77207cfcaa8f32c0e76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67460f42-5db2"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Tue, 26 Nov 2024 18:11:14 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 3 KB
1 KB 232ms
120ms Script
application/javascript 104.16.139.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.75

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.139.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e3ba4792af8735ee40cacd52ec2061118d721b49a05ada6f8f1ce656f8ba1dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: EXPIRED
x-content-type-options: nosniff
expires: Tue, 10 Dec 2024 06:21:12 GMT
date: Tue, 10 Dec 2024 06:19:42 GMT
x-hubspot-correlation-id: dc35c3b2-e450-4e85-ae25-1d8bf18af936
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Tue, 10 Dec 2024 06:19:42 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8efb1ff4ba3f7487-MIA
accept-ranges: bytes
access-control-allow-origin: https://cyble.com
content-length: 707
server: cloudflare

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/plugins/link-whisper-premium/js/ 5 KB
2 KB 40ms
32ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/link-whisper-premium/js/frontend.min.js?ver=1732561086

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

51961b2c0bdbfaa3f8cb21e59d2ae04e029c44edd84d95e8fb4b67ca55e26b8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8be-1237"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:58:06 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/dom-ready/ 460 B
773 B 45ms
36ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/dom-ready/index.min.js?ver=222ad38e3e5e302c8bbf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

52d995270969aed722e4e20184d2d424f0e1afb1040ef2273549bf0ba7c75d07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
etag: "65bad2e4-1cc"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 460
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Wed, 31 Jan 2024 23:08:20 GMT
server: nginx

GET
H3 200 main.js Show response
cyble.com/wp-content/plugins/astra-pro-sites/inc/lib/onboarding/assets/dist/template-preview/ 6 KB
3 KB 48ms
40ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-pro-sites/inc/lib/onboarding/assets/dist/template-preview/main.js?ver=06758d4d807d9d22c6ea

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4a8bd33bfe771e0bd46fade45435a9fa2d0c3a8af2409b1f5a74a6b96b03faa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"671001f2-19b5"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 18:12:02 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 subscription-modal.js Show response
c0.wp.com/p/jetpack/14.1/modules/comments/subscription-modal-on-comment/ 4 KB
2 KB 44ms
31ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/14.1/modules/comments/subscription-modal-on-comment/subscription-modal.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

971f611c332c69581c6c65714bba01dce6e8f19a2fcfb8c04f87c60efcae9c69

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 06:19:42 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Mon, 18 Nov 2024 18:34:36 GMT

GET
H3 200 astra-addon-6748b26e2133f9-18003370.js Show response
cyble.com/wp-content/uploads/astra-addon/ 37 KB
8 KB 48ms
39ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/astra-addon/astra-addon-6748b26e2133f9-18003370.js?ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a2ab001c7323aaf5bf6ba68d2aac9f8e4766144ddc83ae8d64e5b95203321e98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6748b26e-9387"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 18:11:58 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 purify.min.js Show response
cyble.com/wp-content/plugins/astra-addon/assets/js/minified/ 21 KB
9 KB 48ms
39ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/assets/js/minified/purify.min.js?ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

44a647ea363f1573ac79f9d249cd3b07c8c026fa6b0a1107c6ca6cbed852b5cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6748b262-5466"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 18:11:46 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 jquery.sticky.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/lib/sticky/ 4 KB
2 KB 48ms
40ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-e89"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 imagesloaded.min.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/ 5 KB
2 KB 44ms
33ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/imagesloaded.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 06:19:42 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Fri, 11 Aug 2023 18:18:26 GMT

GET
H2 200 e-202450.js Show response
stats.wp.com/ 7 KB
3 KB 139ms
29ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202450.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=31536000
content-encoding: br
x-nc: HIT mia
etag: W/14421-1717166113332.616
x-minify: t
x-minify-cache: hit
access-control-allow-methods: GET, HEAD
expires: Mon, 08 Dec 2025 18:14:37 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

GET
H3 200 helper.min.js Show response
cyble.com/wp-content/plugins/optinmonster/assets/dist/js/ 2 KB
1 KB 52ms
44ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/optinmonster/assets/dist/js/helper.min.js?ver=2.16.13

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a67748caf04244e16b3434fce2e110af93332848b04bd86b659132505286609a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67509ae0-7cb"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Wed, 04 Dec 2024 18:09:36 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 81ms
42ms Script
application/javascript 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=1.0.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec8b1b07980996f574075e1b7e895d5d47794b9dcf345a68d60fbb17034f7bef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"09282956186c8515ef0d208902803581"
age: 3307
expires: Fri, 13 Dec 2024 06:19:42 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
access-control-allow-headers: OneSignal-Subscription-Id
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: public, max-age=259200
via: 1.1 google
cf-ray: 8efb1ff59f1da54f-MIA
server: cloudflare

GET
H2 200 wp-polyfill.min.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/dist/vendor/ 37 KB
14 KB 44ms
33ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/dist/vendor/wp-polyfill.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4be59303a71dba6e02707efdaf510e858b5a703d09811680dbc3fada6c2111c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 06:19:42 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Fri, 20 Sep 2024 01:55:35 GMT

GET
H3 200 view.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/ 5 KB
2 KB 51ms
44ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/view.js?minify=false&ver=14.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8aece4bc00bb232af7eb9025ffe6ab936b93b2d7f408fa0ba242831682aa07e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"66d5ccea-148c"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 02 Sep 2024 14:34:18 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 uael-nav-menu.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/ 20 KB
4 KB 48ms
41ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/uael-nav-menu.min.js?ver=1.37.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0a0b85f55ebb7086cee0971885ce7e6ffea8e46b1cef521394122362102518c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"674aac7f-51bc"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Sat, 30 Nov 2024 06:11:11 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 jquery_resize.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/ 3 KB
2 KB 49ms
41ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/jquery_resize.min.js?ver=1.37.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

270e916e0527855b7fb38a288df78658e646a99a057969e4172506375ae17820

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"674aac7f-d3d"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Sat, 30 Nov 2024 06:11:11 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 js_cookie.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/ 2 KB
1 KB 49ms
42ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/js_cookie.min.js?ver=1.37.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5244a8d1d1a28e02eec3247e1ba73bb13319a0cc521c87580d43e46cb67b4bc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"674aac7f-7ad"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Sat, 30 Nov 2024 06:11:11 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 webpack-pro.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 6 KB
3 KB 49ms
42ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

fdc9a433f5b281b04f603b4c887f28ef632a7f5421a160e02f784c7c9bf63041

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-1877"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 webpack.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 5 KB
3 KB 50ms
43ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a542f4b92ca1daa49d452f46578dfb0178939c378da21f7388e75e55575fa69b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-1484"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 frontend-modules.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 54 KB
16 KB 55ms
48ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c69c3ed69efdef75400086f66e14917fa9746e39ee23774c055ad25355b5bc7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-d628"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/hooks/ 5 KB
2 KB 55ms
48ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/hooks/index.min.js?ver=84e753e2b66eb7028d38

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a751e5eaf162f1ffd88318bd3156b6fa5f6cd8fec6885d0d840d1af7dfa7795d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67064d22-127a"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Wed, 09 Oct 2024 09:30:10 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/i18n/ 9 KB
4 KB 55ms
48ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=bd5a2533e717a1043151

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f173fd421b26d6877143a9120fd91f86cd07e4deaa36b9fb2e04dec261ab3462

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6718ec60-227f"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Wed, 23 Oct 2024 12:30:24 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
7 KB 56ms
49ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5f75229618682b638f81b324b803e9c4752b8eba4a5846daa094c7626e2639d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-6152"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 core.min.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/jquery/ui/ 21 KB
7 KB 42ms
34ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7e84c9f8d71bc6eb2dac2fce59a6caea62da51ffa8cf56b41806f59386ab1322

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT mia 1
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 06:19:42 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Thu, 27 Jun 2024 12:55:22 GMT

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 43 KB
14 KB 56ms
49ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b195b9c5737214bef71cd6405af04b3eb88882acd9c582a0432c18c0561756bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-ac5f"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 elements-handlers.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 42 KB
11 KB 56ms
50ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.25.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

252ff47bdded7295123a3a968787365824d86c1039686f0153ba50e8e5d9ecc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-a79c"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 340 KB
115 KB 135ms
134ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

b868e5891fc3e467ac6203bb3f4756f85ae07372435aaf22039d44c152c3fbf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Tue, 10 Dec 2024 06:19:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 10 Dec 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 117738
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 tracker.iife.js Show response
assets.apollo.io/micro/website-tracker/ 3 KB
2 KB 118ms
46ms Script
application/javascript 104.20.39.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=o0jo1q
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.39.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2039d204f18247df88a0f132f35fe67f9e52ee7268515ead1647c611f737ba07

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=I3tUEw==, md5=SC6zvnW2DshviOm8MzN+iA==
etag: "482eb3be75b60ec86f88e9bc33337e88"
age: 74818
cf-cache-status: HIT
x-goog-stored-content-encoding: gzip
expires: Tue, 09 Dec 2025 08:38:42 GMT
x-goog-stored-content-length: 1168
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript
last-modified: Mon, 12 Feb 2024 19:05:14 GMT
vary: Accept-Encoding
x-guploader-uploadid: AFiumC5Gu2xIssDz20fH3NFKmKr5v7SuiKofFnB18TnkF2mqCg6Wu6DMRIB_Z3MgDnlRzKXKZPSq9oKPsw
cache-control: public, max-age=31457940
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 8efb1ff5db2f31de-MIA
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1707764714580510
content-length: 1168
server: cloudflare

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/ 105 KB
32 KB 252ms
98ms Script
text/javascript 3.162.103.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-91.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c34181d77c490de9444cbd842fda06aa589abd9bc9d1bc1de0dceedca2d40bc8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Access-Control-Max-Age: 600
Content-Encoding: gzip
X-Amz-Version-Id: DC9dkt.iB9WcGJPNnf9Hze6lo.J01XTn
Etag: W/"3b8a916e364dd5d29a31493f0bc6ccc0"
Age: 2363
Access-Control-Allow-Methods: GET
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: HQPAuxTFfcuwnDBRqPcLUyyEC5vJ1NBUZHfDqdnGW1u_ncOX5SHcDA==
Date: Tue, 10 Dec 2024 05:42:32 GMT
Content-Type: text/javascript; charset=utf-8
Vary: accept-encoding
Last-Modified: Fri, 06 Dec 2024 11:59:04 GMT
Access-Control-Allow-Headers: *
Transfer-Encoding: chunked
Cache-Control: max-age=3600, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: false
Via: 1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
Access-Control-Allow-Origin: *
X-Amz-Cf-Pop: IAD61-P1
Server: AmazonS3
X-Amz-Server-Side-Encryption: AES256

GET
H2 200 JPtKKXLsjJbtelUWnenRbIbVJOerqPTK Show response
nitroscripts.com/ 993 B
760 B 159ms
62ms Script
text/javascript 172.64.154.248
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nitroscripts.com/JPtKKXLsjJbtelUWnenRbIbVJOerqPTK

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.154.248 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a25c19dbd47bf7b70982d51eb7cb40e12f1ae3070bd04ec5a974e8d2ca8f7736

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=600, stale-while-revalidate=31536000
content-encoding: gzip
cf-cache-status: HIT
age: 721
cf-ray: 8efb1ff64da13367-MIA
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: text/javascript
last-modified: Tue, 10 Dec 2024 06:05:56 GMT
vary: Accept-Encoding
server: cloudflare

POST
H2 204 track_request
aplo-evnt.com/api/v1/intent_pixel/ 0
0 102ms
100ms Fetch 34.107.133.146
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://aplo-evnt.com/api/v1/intent_pixel/track_request?app_id=66aa6aa341d7bf055eb1fbce

Requested by

Host: assets.apollo.io
URL: https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=o0jo1q

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.133.146 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

146.133.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn .salesforce.com .lightning.force.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
x-transaction-id: 5cea6044d52d448fe916a3b39d75fd7f
access-control-max-age: 7200
cache-control: no-cache
content-security-policy: frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn *.salesforce.com *.lightning.force.com
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
x-content-type-options: nosniff
via: 1.1 google
status: 204 No Content
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:42 GMT
vary: Origin
server: nginx
x-frame-options: ALLOWALL

OPTIONS
H2 200 track_request
aplo-evnt.com/api/v1/intent_pixel/ Frame 0
0 208ms
136ms Preflight 34.107.133.146
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://aplo-evnt.com/api/v1/intent_pixel/track_request?app_id=66aa6aa341d7bf055eb1fbce
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.133.146 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 146.133.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-origin: *
access-control-max-age: 7200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache
content-length: 0
date: Tue, 10 Dec 2024 06:19:42 GMT
server: nginx
status: 200 OK
via: 1.1 google

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 274ms
128ms Fetch
text/plain 172.253.122.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-4FJGSRPM4S&gtm=45je4c90v885439329za200&_p=1733811582064&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&cid=446767075.1733811582&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1733811582&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=4565
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.253.122.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bh-in-f101.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cyble.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.wp.com/s/poppins/v22/ 8 KB
8 KB 105ms
36ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.8.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT mia 2
age: 43358
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7884
date: Tue, 10 Dec 2024 06:19:42 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Wed, 04 Dec 2024 06:53:08 GMT
server: nginx

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.wp.com/s/poppins/v22/ 8 KB
8 KB 105ms
36ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v22/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.8.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT mia 2
age: 43446
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7748
date: Tue, 10 Dec 2024 06:19:42 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Wed, 04 Dec 2024 06:54:05 GMT
server: nginx

GET
H3 200 astra.woff
cyble.com/wp-content/themes/astra/assets/fonts/ 3 KB
4 KB 31ms
31ms Font
application/font-woff 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/fonts/astra.woff

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "67460f42-ce8"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 08:55:23 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 3304
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/font-woff
last-modified: Tue, 26 Nov 2024 18:11:14 GMT
server: nginx

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.wp.com/s/poppins/v22/ 8 KB
8 KB 102ms
34ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v22/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.8.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT mia 2
age: 43352
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7816
date: Tue, 10 Dec 2024 06:19:42 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Wed, 04 Dec 2024 06:53:03 GMT
server: nginx

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 47 KB
17 KB 381ms
205ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 02a661490aa341e4e0abb139d22f9dfaf7de3206329a4d22acacd96cd46351c3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6750e943-bb7b"
cdn-fileserver: 749
date: Tue, 10 Dec 2024 06:19:42 GMT
cdn-storageserver: NY-346
last-modified: Wed, 04 Dec 2024 23:44:03 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 12/04/2024 23:47:23
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 5f08016cd557c8c3bb395568fc5424fe
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 432 KB
136 KB 87ms
85ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N9ZXY95EM4&l=dataLayer&cx=c&gtm=45He4c90v868834701za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

b9ced47ef3ad562923708f2c297de4ba34f02d70b886304d9ec2f68196af532a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 10 Dec 2024 06:19:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 139457
x-xss-protection: 0
server: Google Tag Manager

POST
H3 200 collect
www.google.com/ccm/ 0
0 190ms
66ms Ping
text/plain 142.251.163.105
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1689297539.1733811583&auid=2032196222.1733811583&npa=0&gtm=45He4c90v868834701za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&tft=1733811582644&tfd=4718&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.163.105 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: wv-in-f105.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
88 KB 94ms
94ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c&gtm=45He4c90v868834701za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

e807502afac6b5a89fab76877558873bee858c33be8a6c3dd5c6ee0101dd7420

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 10 Dec 2024 06:19:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 10 Dec 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 89768
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 74ms
73ms Script
text/javascript 172.253.122.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
age: 2674
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Tue, 10 Dec 2024 07:35:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 05:35:08 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
4 KB 252ms
84ms Script
application/javascript 23.218.218.181
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.218.218.181 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-218-218-181.deploy.static.akamaitechnologies.com

Software

Resource Hash

da6cc3e07157e3847c0cc83a0ed1261245a44880786922222e9e56a8aa9bb92a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=53042
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 3384
date: Tue, 10 Dec 2024 06:19:42 GMT
last-modified: Sun, 08 Dec 2024 10:26:01 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 136ms
56ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

c4eb49795f7a703429e7012cec0a556e6faf6f551f07cd337f66c5a1ec3a5847

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-5wVPZIoq' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-5wVPZIoq' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=66, rtx=0, c=23, mss=1232, tbw=4522, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: Uq8fSgU1EYeIScYZMqJAMW5OXcUxcfKuAnxZa2yC7v/gR/MFofWs0GAu7vtHebfA7oGuv1XP3guzIrw76tQDsw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62212
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 432 KB
137 KB 98ms
98ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10996750928&l=dataLayer&cx=c&gtm=45He4c90v868834701za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

b9e2438f6d5140a1c762ff89c499310dee46597bcb2e54d9031abe8e57b3a112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Tue, 10 Dec 2024 06:19:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 139456
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 43 KB
13 KB 133ms
31ms Script
application/javascript 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
etag: "1a001f3a066bff47a766099b87253911"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12220
date: Tue, 10 Dec 2024 06:19:42 GMT
last-modified: Mon, 18 Nov 2024 21:16:35 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
server: snooserv
x-amz-server-side-encryption: AES256

GET
H2 200 hf2o0cm7gp Show response
www.clarity.ms/tag/ 689 B
1 KB 354ms
128ms Script
application/x-javascript 13.107.253.40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.253.40 Redmond, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 104b75765fb6123a6d82c82d0bdcdca35d2f6231af61de21f42bdb83c805760b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
expires: -1
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 689
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/x-javascript
x-azure-ref: 20241210T061942Z-1855bb45f694d8z6hC1BN16kg00000000ev0000000004qh8

GET
H2 200 1010805.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
2 KB 191ms
99ms Script
text/javascript 104.18.30.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1010805.js?p=https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/&e=

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.30.176 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f0171934a868318185fd805252f4d75230bfc623b87e0100a0fb2d97001a048

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: text/javascript;charset=UTF-8
content-disposition: inline
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8efb1ff84cd3d9bd-MIA
access-control-allow-origin: *
x-xss-protection: 0
origin-agent-cluster: ?1
server: cloudflare

GET
H2 200 meetings-widget.js Show response
assets.apollo.io/js/meetings/ 1 MB
287 KB 58ms
57ms Script
application/javascript 104.20.39.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.apollo.io/js/meetings/meetings-widget.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.39.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21ca401cbbde35042f019c98838ddf7fcb692d34804d581212588e41c62a1152

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *
content-encoding: gzip
x-goog-hash: crc32c=LBA9lg==, md5=ziQYACHrt7iRO27CGtQ6dA==
etag: "ce24180021ebb7b8913b6ec21ad43a74"
age: 859
cf-cache-status: HIT
x-goog-stored-content-encoding: gzip
expires: Wed, 10 Dec 2025 05:52:02 GMT
x-goog-stored-content-length: 293742
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/javascript
last-modified: Tue, 10 Dec 2024 05:41:28 GMT
vary: Accept-Encoding
x-guploader-uploadid: AFiumC6VZWr6LxqMFlAW1RsOks5oUugeMAb727NXVY4tidHiZBmaT3uUtD0VLro1fzeapjg3
cache-control: public, max-age=31534340
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 8efb1ff7bcb531de-MIA
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1733809288104124
content-length: 293742
server: cloudflare

GET
H3 200 threat-report.jpg
i0.wp.com/cyble.com/wp-content/uploads/2024/08/ 54 KB
54 KB 42ms
42ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/08/threat-report.jpg?fit=1024%2C368&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

c815c49731528111127f7705e82a2d7a8ca5b5e1a1a0435af6e7b0407a842928

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/

Response headers

etag: "aae1f88a7ee37090"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Fri, 27 Nov 2026 19:26:31 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: image/webp
last-modified: Wed, 27 Nov 2024 07:26:31 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/08/threat-report.jpg>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT mia 6
access-control-allow-origin: *
content-length: 55002
server: nginx

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.wp.com/s/poppins/v22/ 8 KB
8 KB 45ms
43ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v22/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.7.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT mia 2
age: 43370
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7840
date: Tue, 10 Dec 2024 06:19:42 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Wed, 04 Dec 2024 06:53:49 GMT
server: nginx

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.wp.com/s/poppins/v22/ 8 KB
8 KB 49ms
49ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v22/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT mia 2
age: 19918
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 8000
date: Tue, 10 Dec 2024 06:19:42 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Wed, 04 Dec 2024 06:53:31 GMT
server: nginx

GET
H2 200 pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2
fonts.wp.com/s/poppins/v22/ 8 KB
8 KB 50ms
49ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v22/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT mia 2
age: 569
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7824
date: Tue, 10 Dec 2024 06:19:42 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Wed, 04 Dec 2024 06:52:39 GMT
server: nginx

GET
H2 206 banner-ad-cyble-1.mp4
videos.files.wordpress.com/jmrVNgDZ/ 337 KB
337 KB 666ms
582ms Media
video/mp4 192.0.72.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/jmrVNgDZ/banner-ad-cyble-1.mp4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

56bf0f760c2ff663fc46bd5835dde1654cdd29d06fcebebe1582f4872ba50751

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

x-nc: HIT mia 2
Content-Range: bytes 0-344857/344858
x-content-type-options: nosniff
expires: Fri, 27 Dec 2024 05:00:09 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
Content-Length: 344858
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: video/mp4
last-modified: Tue, 22 Oct 2024 12:28:28 GMT
server: nginx

GET
H2 206 cyble-ad.mp4
videos.files.wordpress.com/ZiU8IFTQ/ 3 MB
3 MB 246ms
163ms Media
video/mp4 192.0.72.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/ZiU8IFTQ/cyble-ad.mp4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8092e395138f7b26adbcba6232e3ebb0e29a839b0e7f0f8773ee11fcb294d2bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

x-nc: HIT mia 2
Content-Range: bytes 0-3311316/3311317
x-content-type-options: nosniff
expires: Wed, 01 Jan 2025 04:04:27 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
Content-Length: 3311317
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: video/mp4
last-modified: Thu, 24 Oct 2024 10:30:29 GMT
server: nginx

GET
H2 200 rating_schema.json Show response
www.g2.com/products/cyble/ 334 B
2 KB 264ms
153ms Fetch
application/json 104.16.186.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.g2.com/products/cyble/rating_schema.json

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.186.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db231971790e0cbafc4b9ea698e905207070577024d8c6485a87576fd79affc1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src * 'self' .g2crowd.com .g2.com; frame-src * 'self' .g2crowd.com .g2.com; font-src * data: 'self' .g2crowd.com .g2.com; form-action * 'self' .g2crowd.com .g2.com; img-src * data: blob: 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src * blob: 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' .g2crowd.com .g2.com; style-src * 'unsafe-inline' 'self' .g2crowd.com .g2.com; worker-src * blob: 'self' .g2crowd.com .g2.com; frame-ancestors *
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

access-control-max-age: 7200
x-request-id: 75f22f31-95a8-4755-96e7-be7f02d38824
access-control-expose-headers
content-encoding: gzip
cf-cache-status: HIT
etag: W/"db231971790e0cbafc4b9ea698e90520"
x-permitted-cross-domain-policies: none
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Tue, 10 Dec 2024 08:19:42 GMT
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: application/json; charset=utf-8
vary: Origin,Accept-Encoding
x-runtime: 0.017101
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src * 'self' *.g2crowd.com *.g2.com; frame-src * 'self' *.g2crowd.com *.g2.com; font-src * data: 'self' *.g2crowd.com *.g2.com; form-action * 'self' *.g2crowd.com *.g2.com; img-src * data: blob: 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src * blob: 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' *.g2crowd.com *.g2.com; style-src * 'unsafe-inline' 'self' *.g2crowd.com *.g2.com; worker-src * blob: 'self' *.g2crowd.com *.g2.com; frame-ancestors *
cache-control: public, max-age=7200
accept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8efb1ff8cc17335b-MIA
access-control-allow-origin: *
x-datadome: protected
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 /
w.soundcloud.com/player/ Frame F572 0
0 282ms
123ms Document
text/html 3.167.99.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/1872505476&color=%23cc0000&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.167.99.33 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-167-99-33.iad55.r.cloudfront.net

Software

am/2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: public, max-age=300
content-encoding: gzip
content-type: text/html
date: Tue, 10 Dec 2024 06:19:42 GMT
p3p: policyref="https://w.soundcloud.com/player/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV TAI PSAo PSDo OUR STP CNT"
server: am/2
strict-transport-security: max-age=63072000
vary: Accept-Encoding
via: sssr, 1.1 df2f03f1e32bc36cc15af726be2891aa.cloudfront.net (CloudFront)
x-amz-cf-id: 000wQj5QVkxGsI8cLFC-a19fGZ7SBspRzxFaG4tmJeJ1JmrA6TPVQA==
x-amz-cf-pop: IAD55-P7
x-cache: Hit from cloudfront

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 90ms
87ms Fetch
text/plain 172.253.122.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-4FJGSRPM4S&gtm=45je4c90v885439329za200&_p=1733811582064&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&cid=446767075.1733811582&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1733811582&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&en=scroll&epn.percent_scrolled=90&_et=56&tfd=4836
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.253.122.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bh-in-f101.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cyble.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4c30/ Frame 6395 0
0 223ms
83ms Document
text/html 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4c30/sw_iframe.html?origin=https%3A%2F%2Fcyble.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 7393
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Tue, 10 Dec 2024 04:16:29 GMT
expires: Wed, 10 Dec 2025 04:16:29 GMT
last-modified: Tue, 03 Dec 2024 10:18:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 21289959.js Show response
js.hs-analytics.net/analytics/1733811300000/ 68 KB
25 KB 243ms
142ms Script
text/javascript 104.17.175.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1733811300000/21289959.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.175.201 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cfa0aa86ba2071144541fb9d26f2504f360d49dc25af11a0b8f1b523a59e48e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: b1afe19e-110f-4ce7-b307-4654ac73ad5d
content-encoding: gzip
cf-cache-status: HIT
etag: W/"56e2d969cae2e49c7c7ccf913e113ce3"
x-amz-version-id: null
expires: Tue, 10 Dec 2024 06:22:48 GMT
x-evy-trace-listener: listener_https
date: Tue, 10 Dec 2024 06:19:43 GMT
x-hubspot-correlation-id: b1afe19e-110f-4ce7-b307-4654ac73ad5d
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 21:03:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: k9CaouwEUKY2/UzmEvrNKOqx4BCjsUgj4DiT+1zny7e6j+e8dIFt1w28piW9NpWiaebobj4yFfoJImi9wy8lLA==
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-ttmxb
x-envoy-upstream-service-time: 45
access-control-allow-credentials: false
x-amz-request-id: 1JJQSZY98PHD4C7K
cf-ray: 8efb1ff93ed05c77-MIA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/21289959/ 71 KB
26 KB 220ms
150ms Script
text/javascript 172.64.147.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/21289959/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.147.16 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2f7d72587caa4ad01e2dea12665d2e1e83a1a6e3326c0eaec6e2131df0eec86

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 6021d2d0-f0c2-44b6-9135-3de42943fc57
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"f2fef2fabb74ea607d35963c1d2a42a3"
x-amz-version-id: 1HGcWOOKe.DjPVtx06wt73pO72LgkEvr
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Tue, 10 Dec 2024 06:24:43 GMT
x-evy-trace-listener: listener_https
date: Tue, 10 Dec 2024 06:19:43 GMT
x-hubspot-correlation-id: 6021d2d0-f0c2-44b6-9135-3de42943fc57
content-type: text/javascript; charset=UTF-8
last-modified: Fri, 04 Oct 2024 10:36:50 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 9HgDJWjCmPAbAztOPkbMBTZsUfyGagfb2OssPJHoCJx1ZzES8Eive/1En5vj4YApeLeVx3mTOUNRR8kYe9NzLw==
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-rppc2
x-envoy-upstream-service-time: 232
access-control-allow-credentials: true
x-amz-request-id: 5809WETJSMXE3YDC
cf-ray: 8efb1ff9297725b5-MIA
access-control-allow-origin: https://thecyberexpress.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 550 KB
92 KB 114ms
44ms Script
application/javascript 104.18.141.17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.141.17 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-request-id: 401385fd-3705-417d-ba4d-ffd24508ae0a
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: 1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF
etag: W/"ce26171eff05376a1b746efbb809f7f6"
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age: 55719
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: y76bfF0ZSzE-QZzn297mr6cJOIFdK1dEyCKAs-hb52o5TXf9DsluIg==
x-hubspot-correlation-id: 401385fd-3705-417d-ba4d-ffd24508ae0a
content-type: application/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 16:54:39 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-xkq4z
x-envoy-upstream-service-time: 48
x-hs-target-asset: lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Tue, 10 Dec 2024 06:19:42 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8ecc51ff0cb70f41-IAD
via: 1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront)
cf-ray: 8efb1ff93f349ae3-MIA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 94 KB
27 KB 124ms
51ms Script
application/javascript 104.16.77.142
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.77.142 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98a7b742330c2c2ce413a79e00cc7daafe932518e10355cd9daedfa81201422f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-evy-trace-virtual-host: all
x-request-id: e6f2a4da-0244-4f7a-968a-1c354596a499
content-encoding: gzip
cf-cache-status: HIT
etag: W/"052ee1e66dd555cf68d83e36df65e002"
x-amz-version-id: JmnE.38RfQ3qHqWteYm6N86yHfE5xboM
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
age: 435
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: VIzCkST_Tj-8mlv98swPxAEZbNkwplPBn1MimIoEorOpyYKNJPsMrQ==
date: Tue, 10 Dec 2024 06:19:42 GMT
x-hubspot-correlation-id: e6f2a4da-0244-4f7a-968a-1c354596a499
content-type: application/javascript; charset=utf-8
last-modified: Mon, 09 Dec 2024 15:40:52 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-2w2nl
x-envoy-upstream-service-time: 2
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.19111/bundles/project.js&cfRay=8ef627837c8a05e8-IAD
via: 1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront)
cf-ray: 8efb1ff95a377439-MIA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: conversations-embed/static-1.19111/bundles/project.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 118ms
42ms Script
application/javascript 104.17.128.172
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.128.172 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5698138ddbe35f9a9d11b41d77f994f0d65b4b1e88b066b5cd512ae6ccebce7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-evy-trace-virtual-host: all
x-request-id: afdd44f8-c915-452d-880a-95e47293b001
content-encoding: gzip
cf-cache-status: HIT
etag: W/"0eefc8fd2910f08c09ece7d8ae0085ef"
x-amz-version-id: CuyUZln_9hJaRGzfYcPPJkHAbDKyZ4S0
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 514
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: 4zRKZ8ueeDgTk9goQZdfNO3WDlkxdANVBDZ6Oo0nH45WnqE0AwdPxQ==
date: Tue, 10 Dec 2024 06:19:42 GMT
x-hubspot-correlation-id: afdd44f8-c915-452d-880a-95e47293b001
content-type: application/javascript; charset=utf-8
last-modified: Mon, 09 Dec 2024 20:10:00 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-2w2nl
x-envoy-upstream-service-time: 0
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.918/bundles/pixels-release.js&cfRay=8ef7b1ff3ce205c7-IAD
via: 1.1 c5f8f8068a88ebb73e505f5e51b5262e.cloudfront.net (CloudFront)
cf-ray: 8efb1ff98ebe7472-MIA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.918/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 84 KB
25 KB 195ms
91ms Script
application/javascript 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6f514ddc18e496f04ad9fad4afcec13d365dfa49efa5dac94d6fff64b95a623

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-request-id: 3c007e6a-b8cb-43a7-8e1d-b7d0ffc963de
content-encoding: gzip
cf-cache-status: EXPIRED
etag: W/"224467cc4ce3a08f302186b8a1ce03c9"
x-amz-version-id: mNXUuIIWhVdVPzPqyp_sjRXwZmR0sDd4
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1u3w9CIZUsEGRx4%2Fnd6SEy9hseCEdupCHIDff259O8VUIV8micQ1OyNgEg5gCq3SivZkEIcbT4TNjS8vShWwPuycdhoO3FsWJJTPeiQ5%2BLGNsIs9CzGD0CEgzsBgrCua"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: tNNAzBOfls5bXyxF0GubP3Tvit6_Lvh15-Qqz1hlECVJJCF8015OFQ==
x-hubspot-correlation-id: 3c007e6a-b8cb-43a7-8e1d-b7d0ffc963de
content-type: application/javascript; charset=utf-8
last-modified: Mon, 02 Dec 2024 10:47:31 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-mcbqq
x-envoy-upstream-service-time: 3
x-hs-target-asset: web-interactives-embed/static-2.1869/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Tue, 10 Dec 2024 06:19:43 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1869/bundles/project.js&cfRay=8ebad2d629646991-ATL
via: 1.1 7375f2360b80ec8c602f04aa2cc7a57c.cloudfront.net (CloudFront)
cf-ray: 8efb1ffa1bf531d2-MIA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H3 200 fa-solid-900.woff2
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 76 KB
77 KB 31ms
30ms Font
application/font-woff2 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.css?ver=5.15.3

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.css?ver=5.15.3

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "6744c8b0-13174"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 08:55:26 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 78196
date: Tue, 10 Dec 2024 06:19:42 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/font-woff2
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx

POST
H3 200 collect Show response
www.google-analytics.com/j/ 3 B
26 B 61ms
61ms XHR
text/plain 172.253.122.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=60893129&t=pageview&_s=1&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&ul=en-us&de=UTF-8&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAAABAAAAAC~&jid=1987204547&gjid=1813359667&cid=446767075.1733811582&tid=UA-201575643-1&_gid=277221608.1733811583&_r=1&_slc=1&gtm=45He4c90n81PMWT557v868834701za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&z=1033030209

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:42 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://cyble.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 80ms
80ms Fetch
text/plain 172.253.122.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-361856552&gtm=45je4c90z8868834701za200zb868834701&_p=1733811582064&gcd=13l3l3l3l1l1&npa=0&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&cid=446767075.1733811582&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1733811582&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&en=page_view&_fv=1&_ss=1&tfd=5069
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c&gtm=45He4c90v868834701za200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.253.122.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bh-in-f101.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cyble.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: text/plain
server: Golfe2

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 63ms
63ms Fetch
text/plain 172.253.122.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45be4c90v9106873920z8868834701za200&_p=1733811582064&gcd=13l3l3l3l1l1&npa=0&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&cid=446767075.1733811582&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1733811583&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&en=page_view&_fv=1&_ss=1&tfd=5128
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10996750928&l=dataLayer&cx=c&gtm=45He4c90v868834701za200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.253.122.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bh-in-f101.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cyble.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/a2_femnl853pd9q/ 3 B
124 B 206ms
109ms XHR
application/json 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/a2_femnl853pd9q/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=14400
content-encoding: gzip
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: application/json

GET
H2 200 a2_femnl853pd9q_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 205ms
113ms XHR
application/json 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_femnl853pd9q_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=300
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 205ms
110ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1733811583061&id=a2_femnl853pd9q&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=91dc37d5-7079-4900-88aa-ac5ab65c46b0&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc=
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
content-length: 42
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: image/gif
server: Varnish

GET
H3 200 1126903675356441 Show response
connect.facebook.net/signals/config/ 69 KB
14 KB 131ms
130ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1126903675356441?v=2.9.178&r=stable&domain=cyble.com&hme=28abfdc7e582ae2a8fdd6ac5ebb406923cf601dc2ee488049b0628e75e0f6b36&ex_m=70%2C122%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C173%2C176%2C188%2C184%2C185%2C187%2C29%2C101%2C53%2C77%2C186%2C168%2C171%2C181%2C182%2C189%2C132%2C41%2C191%2C192%2C34%2C144%2C15%2C50%2C197%2C196%2C134%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C169%2C172%2C141%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

ece71cd9595c09fec3d17cf9cd1a2b613f32e48fc6e288214593b5091416cb94

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-sWqsSvY7' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-sWqsSvY7' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=54, rtx=0, c=77, mss=1232, tbw=70474, tp=65, tpl=0, uplat=59, ullat=0
pragma: public
x-fb-debug: 1Jp9PAwdGo2IsMDcx6QLI5FDbc3I5HCpScIBdlhLTkFxcm6vOMZQq6lwqZXTBiQ4dg0RcMkM9lr+Zz1XAbavkA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 ELNAF2EZDFHJRAP3ODLCUU Show response
d.adroll.com/consent/check/ 525 B
1 KB 276ms
111ms Script
application/javascript 50.16.70.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/ELNAF2EZDFHJRAP3ODLCUU?flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&_s=a44973c86526534037a42b36ac1df6b4&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.16.70.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-70-197.compute-1.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: 0bcbd82d69f75075c7e7897cb6c92c62dbe4430008ecdfcf56bdbc131488982f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-store, no-cache, must-revalidate
content-length: 525
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Tue, 10 Dec 2024 06:19:43 GMT
pragma: no-cache
content-type: application/javascript
server: nginx/1.22.1

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 85ms
83ms Ping
text/html 104.18.30.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1010805.js?p=https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/&e=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.30.176 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryC4hzhBmqOSRjwJNE
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 40ms
31ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=221651828&post=69814&tz=-5&srv=cyble.com&hp=atomic&ac=2&amp=0&j=1%3A14.1&host=cyble.com&ref=&fcp=4627&rand=0.4578955339639319
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache
access-control-allow-origin: *
content-length: 50
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: image/gif
server: nginx

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 55ms
55ms Script
application/javascript 23.218.218.181
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.218.218.181 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-218-218-181.deploy.static.akamaitechnologies.com

Software

Resource Hash

e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=64879
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14634
date: Tue, 10 Dec 2024 06:19:43 GMT
last-modified: Mon, 02 Dec 2024 19:22:52 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 94ms
93ms Stylesheet
text/css 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: bc17aba2e2968927fbdbe26ede920ab0c8405778eaef52b009438a5fcf4ea4e6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6750e944-2644"
cdn-fileserver: 388
date: Tue, 10 Dec 2024 06:19:43 GMT
cdn-storageserver: NY-346
last-modified: Wed, 04 Dec 2024 23:44:04 GMT
content-type: text/css
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 12/04/2024 23:47:26
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 7351253abc7429311b364d2a0cc3f9a4
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 hrmi1wlyf5zkw7jqsfln Show response
api.omappapi.com/v2/embed/239265/ 4 KB
2 KB 216ms
81ms XHR
application/json 104.18.2.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/239265/hrmi1wlyf5zkw7jqsfln
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8483ea5c1d443e6c3e452a647ccba999dc81051a4ff29b9a7bbbc0aca869d4f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-user-agent: standard--
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"a1bf687a6e6d6d63ef024317cc9476cd"
expires: Tue, 10 Dec 2024 06:02:46 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: pvOeFrZt7i2eMSRwP42LZuyTLNfNYGGNg6qAy3JFwvxXxUSP-bvNbw==
date: Tue, 10 Dec 2024 06:19:43 GMT
x-cache-config: 0 0
content-type: application/json
last-modified: Tue, 20 Aug 2024 18:11:51 GMT
vary: Accept-Encoding, User-Agent
access-control-allow-headers: X-CSRF-Token
x-cache-status: HIT
cache-control: public, max-age=30, stale-while-revalidate=1800
x-optinmonster-campaign: hrmi1wlyf5zkw7jqsfln
via: 1.1 1da46bf2c10de63b8064536f4f021d2a.cloudfront.net (CloudFront)
cf-ray: 8efb1ffcacd59ab9-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P1
server: cloudflare

GET
H2 200 qwhadlzmcw4mk1qs4g8k Show response
api.omappapi.com/v2/embed/239265/ 4 KB
2 KB 213ms
81ms XHR
application/json 104.18.2.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/239265/qwhadlzmcw4mk1qs4g8k
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed632e360c39c0dd4221ab4ceab93684e8bdcba75055acdcdab64d74a9e13c6e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-user-agent: standard--
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"1530186811dff23ce236dd5202820927"
expires: Tue, 10 Dec 2024 06:00:41 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: Pa45HoSp099MNLgLRL3cm1wiZbu5Dp4FjyDb8gfHoyt1k5Oequc51Q==
date: Tue, 10 Dec 2024 06:19:43 GMT
x-cache-config: 0 0
content-type: application/json
last-modified: Fri, 06 Dec 2024 14:31:46 GMT
vary: Accept-Encoding, User-Agent
access-control-allow-headers: X-CSRF-Token
x-cache-status: HIT
cache-control: public, max-age=30, stale-while-revalidate=1800
x-optinmonster-campaign: qwhadlzmcw4mk1qs4g8k
via: 1.1 d1cc7812297cc24e95de948dbb565d4a.cloudfront.net (CloudFront)
cf-ray: 8efb1ffcacd69ab9-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P1
server: cloudflare

GET
H2 200 wlravxmwms40sunr2q0v Show response
api.omappapi.com/v2/embed/239265/ 4 KB
2 KB 212ms
84ms XHR
application/json 104.18.2.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/239265/wlravxmwms40sunr2q0v
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aad5b86b7dbbe9b0a901b3f4ce7be4109bc670c591da4cc4b01d951e83263676

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-user-agent: standard--
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"80a4292c729103f02045f59959a6ad23"
expires: Tue, 10 Dec 2024 06:03:00 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: OuVzIZCPVBdSyA6BX21vAKMRoXSdqph5_kGaNml8SrmIacj1lICbrA==
date: Tue, 10 Dec 2024 06:19:43 GMT
x-cache-config: 0 0
content-type: application/json
last-modified: Wed, 27 Nov 2024 06:07:04 GMT
vary: Accept-Encoding, User-Agent
access-control-allow-headers: X-CSRF-Token
x-cache-status: HIT
cache-control: public, max-age=30, stale-while-revalidate=1800
x-optinmonster-campaign: wlravxmwms40sunr2q0v
via: 1.1 31f30557d3d4bc7b3138b6633f3185c2.cloudfront.net (CloudFront)
cf-ray: 8efb1ffcacd79ab9-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P1
server: cloudflare

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.56/ 66 KB
28 KB 101ms
100ms Script
application/javascript 13.107.253.40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.56/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.253.40 Redmond, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: dc1da692990307185621fd661b7305e29d3a0a5ba0f0d998e5a1463a17c57044

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-azure-ref: 20241210T061943Z-1855bb45f694d8z6hC1BN16kg00000000ev0000000004qha
cache-control: public, max-age=86400
x-ms-version: 2018-03-28
content-encoding: br
etag: W/"0x8DD0EDC462F0477"
x-fd-int-roxy-purgeid: 79034942
x-ms-request-id: 986ed18f-e01e-0003-62ad-45cfbf000000
access-control-allow-origin: *
x-cache: TCP_HIT
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 27 Nov 2024 12:08:58 GMT

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 89ms
88ms Ping
text/html 104.18.30.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1010805.js?p=https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/&e=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.30.176 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary8v1Zvu9EWqBUmeLN
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

GET
H3 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 55ms
54ms Script
application/javascript 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151606

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=1.0.0

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

785d3e9ea187b7242e1a4365a48c3fd95dd7a469245d24c6769b8d46c4ef4b81

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"7e91359b46e1da637080a03b759164fa"
age: 2489
expires: Fri, 13 Dec 2024 06:19:43 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
access-control-allow-headers: OneSignal-Subscription-Id
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: public, max-age=259200
via: 1.1 google
cf-ray: 8efb1ffc5d88a54f-MIA
server: cloudflare

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 136ms
74ms Image
text/plain 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1126903675356441&ev=PageView&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&rl=&if=false&ts=1733811583441&sw=1600&sh=1200&v=2.9.178&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1733811583439.22591796587335071&ler=empty&cdl=API_unavailable&it=1733811583095&coo=false&tm=1&rqm=GET

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=78, rtx=0, c=23, mss=1232, tbw=4543, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
196 B 212ms
152ms Image
image/png 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1126903675356441&ev=PageView&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&rl=&if=false&ts=1733811583441&sw=1600&sh=1200&v=2.9.178&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1733811583439.22591796587335071&ler=empty&cdl=API_unavailable&it=1733811583095&coo=false&tm=1&rqm=FGET

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7446664046919749193"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: OD72/TJPIIyKuYLf9Ef/a0mHvc0Qufp7USoe2I8rUUU276NMVZrylTypJzC3KKEmwtpymG7ekGHvYFDCQRm3hw==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7446664046919749193", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=69, rtx=0, c=23, mss=1232, tbw=4911, tp=13, tpl=0, uplat=71, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
479 B 291ms
186ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 03CC126C6B3F43D0A2200C998CC868CA Ref B: MIAEDGE2614 Ref C: 2024-12-10T06:19:43Z
x-li-fabric: prod-lor1
access-control-allow-credentials: true
x-li-uuid: AAYo5HeMx4A4JyCoUasSyA==
x-li-proto: http/2
access-control-allow-origin: https://cyble.com
x-cache: CONFIG_NOCACHE
date: Tue, 10 Dec 2024 06:19:43 GMT
vary: Origin

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/ 4 KB
2 KB 192ms
81ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/?random=1733811582969&cv=11&fst=1733811582969&bg=ffffff&guid=ON&async=1&gtm=45je4c90v9106873920z8868834701za201&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=2032196222.1733811583&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N9ZXY95EM4&l=dataLayer&cx=c&gtm=45He4c90v868834701za200

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

1ea5e766d95ee942603344bf1f686d56407a91d9c49f52b8639e47dd9feadb3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2280
date: Tue, 10 Dec 2024 06:19:43 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 10996750928
td.doubleclick.net/td/rul/ Frame 40D7 0
0 342ms
179ms Document
text/html 142.251.16.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/10996750928?random=1733811582969&cv=11&fst=1733811582969&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je4c90v9106873920z8868834701za201&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=2032196222.1733811583&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N9ZXY95EM4&l=dataLayer&cx=c&gtm=45He4c90v868834701za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.156 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 10 Dec 2024 06:19:43 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/ 4 KB
2 KB 171ms
80ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/?random=1733811583055&cv=11&fst=1733811583055&bg=ffffff&guid=ON&async=1&gtm=45be4c90v9106873920z8868834701za200&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=2032196222.1733811583&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10996750928&l=dataLayer&cx=c&gtm=45He4c90v868834701za200

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

770704ad15068b1238bfdbaf13d50df3c11066459341e91b8da949fa5154ab64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2299
date: Tue, 10 Dec 2024 06:19:43 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 10996750928
td.doubleclick.net/td/rul/ Frame F8A1 0
0 325ms
180ms Document
text/html 142.251.16.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/10996750928?random=1733811583055&cv=11&fst=1733811583055&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4c90v9106873920z8868834701za200&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=2032196222.1733811583&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10996750928&l=dataLayer&cx=c&gtm=45He4c90v868834701za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.156 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 10 Dec 2024 06:19:43 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 iframe_content.html
x.adroll.com/pxl/ Frame 99E9 0
0 334ms
153ms Document
text/html 44.223.154.245
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://x.adroll.com/pxl/iframe_content.html?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.223.154.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-223-154-245.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
ad-auction-allowed: true
content-encoding: zstd
content-length: 427
content-type: text/html
date: Tue, 10 Dec 2024 06:19:43 GMT
last-modified: Mon, 09 Dec 2024 17:59:51 GMT

GET
H2 200 3BMTZYG7A5BPDP54WUQHR4 Show response
d.adroll.com/segment/ELNAF2EZDFHJRAP3ODLCUU/ 42 B
2 KB 68ms
63ms XHR
image/gif 50.16.70.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/segment/ELNAF2EZDFHJRAP3ODLCUU/3BMTZYG7A5BPDP54WUQHR4?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&cookie=&adroll_s_ref=&keyw=&p0=1387&adroll_external_data=&xa4=1&adroll_version=2.0
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.16.70.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-70-197.compute-1.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-rule-type: p
access-control-expose-headers: X-Advertisable-Eid, X-Attribution-Url, X-Segment-Eid, X-Segment-Display-Name, X-Segment-Name, X-Conversion-Currency, X-Conversion-Value, X-Rule, X-Rule-Type, X-Organization-Eid, X-Pixel-Eid
x-organization-eid: N3DWPJG4RZHKTLUYF434YJ
access-control-allow-methods: GET
x-segment-eid: DXQVOHHPJJAJXGCB63B6XM
x-advertisable-eid: ELNAF2EZDFHJRAP3ODLCUU
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Tue, 10 Dec 2024 06:19:43 GMT
x-pixel-eid: 3BMTZYG7A5BPDP54WUQHR4
content-type: image/gif
x-attribution-url: https%3A%2F%2Fx.adroll.com%2Fattribution%2Ftrigger%3Ffpc%3Dea8906f732f21dd124575f2853110a91%26advertisable_eid%3DELNAF2EZDFHJRAP3ODLCUU%26conversion_type%3DPageView%26conversion_value%3D0.0%26currency%3DUSC%26flg%3D1%26pv%3D28245121633.299065%26arrfrr%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Fphishing-campaign-targeting-ukraine-uac-0215%252F
access-control-allow-headers: Content-Type, *
x-segment-display-name: Visitors to Unsegmented Pages
cache-control: no-store, no-cache, must-revalidate
access-control-request-methods: GET
pragma: no-cache
x-conversion-currency
access-control-allow-credentials: true
x-conversion-value: 0.0
access-control-allow-origin: https://cyble.com
x-segment-name: *
content-length: 42
server: nginx/1.22.1
x-rule: *

GET
H2

200

sync
x.bidswitch.net/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0...
https://x.bidswitch.net/sync?dsp_id=44&user_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg

43 B
183 B

341ms
85ms

Image
image/gif

35.211.202.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=44&user_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 35.211.202.130 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 130.202.211.35.bc.googleusercontent.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

via: 1.1 google
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: image/gif

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://x.bidswitch.net/sync?dsp_id=44&user_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg
content-length: 96
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Tue, 10 Dec 2024 06:19:43 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H3

200

receive
pixel.tapad.com/idsync/ex/
Redirect Chain

https://d.adroll.com/cm/experian/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukrain...
https://pixel.tapad.com/idsync/ex/receive?partner_id=3521&partner_device_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3521&partner_device_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=fec3219e-2b65-4b30-9854-f3e517d84284%252C%252C&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=fec3219e-2b65-4b30-9854-f3e517d84284%252C%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=45ba5829-bb14-429e-908b-0eebe8d8e1e2&ttd_puid=fec3219e-2b65-4b30-9854-f3e517d84284%2C%2C

95 B
124 B

48ms
48ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=45ba5829-bb14-429e-908b-0eebe8d8e1e2&ttd_puid=fec3219e-2b65-4b30-9854-f3e517d84284%2C%2C

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 95
date: Tue, 10 Dec 2024 06:19:44 GMT
content-type: image/png
server: Jetty(11.0.13)

Redirect headers

location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=45ba5829-bb14-429e-908b-0eebe8d8e1e2&ttd_puid=fec3219e-2b65-4b30-9854-f3e517d84284%2C%2C
content-length: 359
date: Tue, 10 Dec 2024 06:19:44 GMT
server: Kestrel

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=Ls5UI6xAVnVmp3v0P5QKiA
https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=Ls5UI6xAVnVmp3v0P5QKiA&google_tc=
https://d.adroll.com/cm/g/in

42 B
821 B

96ms
95ms

Image
image/gif

50.16.70.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 50.16.70.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-70-197.compute-1.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-result: g.-1.-1.-1
content-length: 42
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: image/gif
server: nginx/1.22.1

Redirect headers

cache-control: no-cache, must-revalidate
location: https://d.adroll.com/cm/g/in
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 225
date: Tue, 10 Dec 2024 06:19:43 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H3

200

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-u...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&expiration=1765347583
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&expiration=1765347583&C=1

43 B
769 B

86ms
85ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&expiration=1765347583&C=1
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H3
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z97bV52Co7M7Cps%2BKo0c5n4fsTglzQwfoDADgUATWbGqLai45PVQzDabJ%2BecbQWfSbFpg%2Fx%2FwIaZRwmPmzPhxJzN2cpBTavBO8l6kBGaJXpDj%2FjhYxc%2Fb6OsfWFe%2F2G%2F3R2fO5ObPC0nCg%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: image/gif
vary: Accept-Encoding
priority: u=3,i
cache-control: no-cache
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
cf-ray: 8efb1ffe5d49259a-MIA
content-length: 43
server: cloudflare

Redirect headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a4e%2FBGCxSOJiHr%2BvZ9gsFRD6AVGctrqA3Gwnizt%2F6YCClmwRhyXdVmJbmfgFjI5R4n86OA0V%2B6P4iQaso1N2JHHFxxT10TDriHoI115YtpwKeH3m8TvQzoK%2Bsobmohs5fpthZGMpNv3jZg%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Tue, 10 Dec 2024 06:19:43 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: no-cache
location: /rum?cm_dsp_id=105&external_user_id=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&expiration=1765347583&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
cf-ray: 8efb1ffdccd0259a-MIA
content-length: 0
server: cloudflare

GET
H2

200

db_sync
px.ads.linkedin.com/
Redirect Chain

https://d.adroll.com/cm/l/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0...
https://idsync.rlcdn.com/377928.gif?partner_uid=2ece5423ac40567566a77bf43f940a88
https://idsync.rlcdn.com/1000.gif?memo=CMiIFxIrCicIARDqIhogMmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODgQABoNCP-637oGEgUI6AcQAEIASgA
https://pippio.com/api/sync?pid=5324&it=1&iv=faff57a8593e565e8c8fcdaca62f3878a6421859fa8d3b48223fe1489e7d3d91791426b5417dce21&_=2
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=faff57a8593e565e8c8fcdaca62f3878a6421859fa8d3b48223fe1489e7d3d91791426b5417dce21&rand=08388349

0
142 B

124ms
123ms

Image
text/plain

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/db_sync?pid=10339&puuid=faff57a8593e565e8c8fcdaca62f3878a6421859fa8d3b48223fe1489e7d3d91791426b5417dce21&rand=08388349
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A49739B5E07240D2BAE7EEF760D1AE46 Ref B: MIAEDGE2614 Ref C: 2024-12-10T06:19:44Z
x-li-fabric: prod-lor1
x-li-uuid: AAYo5HeX6jr7ZVD3urv9ZQ==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 10 Dec 2024 06:19:44 GMT

Redirect headers

cache-control: no-cache, no-store
timing-allow-origin: *
location: https://px.ads.linkedin.com/db_sync?pid=10339&puuid=faff57a8593e565e8c8fcdaca62f3878a6421859fa8d3b48223fe1489e7d3d91791426b5417dce21&rand=08388349
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 0
date: Tue, 10 Dec 2024 06:19:44 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&expires=365

42 B
1 KB

305ms
114ms

Image
image/gif

69.173.146.5
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&expires=365
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: HTTP/1.1
Server: 69.173.146.5 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: abdced99217677a3fee148679dae3157
Pragma: no-cache
content-length: 42
Content-Type: image/gif

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&expires=365
content-length: 124
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Tue, 10 Dec 2024 06:19:43 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=2ece5423ac40567566a77bf43f940a88&gdpr=0&gdpr_consent=
https://us-u.openx.net/w/1.0/sd?id=537103138&val=2ece5423ac40567566a77bf43f940a88&gdpr=0&gdpr_consent=&cc=1

43 B
171 B

56ms
49ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537103138&val=2ece5423ac40567566a77bf43f940a88&gdpr=0&gdpr_consent=&cc=1
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
x-forwarded-for: 37.221.112.201
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: image/gif
vary: Accept

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537103138&val=2ece5423ac40567566a77bf43f940a88&gdpr=0&gdpr_consent=&cc=1
x-forwarded-for: 37.221.112.201
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 10 Dec 2024 06:19:42 GMT
content-type: text/plain; charset=utf-8
vary: Origin

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukrain...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&gdpr=0&gdpr_consent=&us_privacy=1---

0
360 B

334ms
145ms

Image
text/plain

70.42.32.159
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.outbrain.com/cookie-sync?p=adroll&uid=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&gdpr=0&gdpr_consent=&us_privacy=1---

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

HTTP/1.1

Server

70.42.32.159 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
content-length: 0
date: Tue, 10 Dec 2024 06:19:43 GMT
x-traceid: ef6cdfd2ea1949348d874cecc8d8a3fd

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&gdpr=0&gdpr_consent=&us_privacy=1---
content-length: 137
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Tue, 10 Dec 2024 06:19:43 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

Pug
image2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukrain...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXy...

42 B
583 B

364ms
163ms

Image
image/gif

207.65.37.184
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 207.65.37.184 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-store, no-cache, private
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: image/gif; charset=utf-8
server: nginx

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
content-length: 212
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Tue, 10 Dec 2024 06:19:43 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg

0
366 B

379ms
178ms

Image
text/plain

141.226.124.48
TABOOLA-AS Tabool...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 141.226.124.48 Chicago, United States, ASN200478 (TABOOLA-AS Taboola.com ltd, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-fastly-to-nlb-rtt: 37461
date: Tue, 10 Dec 2024 06:19:43 GMT
server: nginx
access-control-allow-credentials: true

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg
content-length: 111
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Tue, 10 Dec 2024 06:19:43 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukra...
https://eb2.3lift.com/xuid?mid=4714&xuid=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=

37 B
474 B

68ms
67ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: image/gif

Redirect headers

cache-control: no-cache, no-store, must-revalidate
location: /xuid?ld=1&mid=4714&xuid=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 10 Dec 2024 06:19:43 GMT

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0...
https://ib.adnxs.com/setuid?entity=172&code=MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DMmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg

43 B
1 KB

405ms
404ms

Image
image/gif

68.67.161.182
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DMmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Server

68.67.161.182 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 37.221.112.201; 37.221.112.201; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 6767065f-2ef3-46ab-ba89-15d2503be373
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 10 Dec 2024 06:19:44 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

Redirect headers

cache-control: no-store, no-cache, private
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DMmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 37.221.112.201; 37.221.112.201; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: 2ecbd295-ee78-4d5b-abad-961125786b9b
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 10 Dec 2024 06:19:43 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H3 200 wp-emoji-release.min.js Show response
cyble.com/wp-includes/js/ 18 KB
5 KB 38ms
34ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/wp-emoji-release.min.js?ver=6.7.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"667d613a-4926"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:43 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Thu, 27 Jun 2024 12:55:22 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 / Show response
cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/ 4 KB
2 KB 1213ms
1209ms XHR
application/json 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/?relatedposts=1

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/p/jetpack/14.1/_inc/build/related-posts/related-posts.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

dcfae17641a4eda527ddcc54043a08b6707d50c533967c6dd07cd433060090ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
x-requested-with: XMLHttpRequest

Response headers

cf-edge-cache: cache,platform=wordpress
content-encoding: br
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:44 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding, accept, content-type, cookie
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cache-control: no-cache
x-nitro-disabled-reason: ajax
referrer-policy: no-referrer-when-downgrade
x-nitro-disabled: 1
x-xss-protection: 1; mode=block
host-header: WordPress.com
x-ac: 3.mia _atomic_dca MISS
server: nginx
x-nitro-cache: MISS
x-hacker: Want root? Visit join.a8c.com and mention this header.

GET
H2 200 widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame EE54 0
0 215ms
88ms Document
text/html 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fcyble.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105429
content-type: text/html; charset=utf-8
date: Tue, 10 Dec 2024 06:19:43 GMT
etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
last-modified: Mon, 11 Dec 2023 17:19:49 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT
x-served-by: cache-iad-kiad7000102-IAD

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 127ms
123ms Preflight
text/plain 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.19111&mobile=false&messagesUtk=7f3850de164a47c192e427a69ebce9ca&traceId=7f3850de164a47c192e427a69ebce9ca

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://cyble.com
allow: HEAD,GET,OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 8efb1ffd7e4c31d2-MIA
content-length: 18
content-type: text/plain; charset=utf-8
date: Tue, 10 Dec 2024 06:19:43 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7OAKdLX2x7VG54VUDgbjq2E%2BaRt%2FFrw3a8Ue12OY0L%2Bg6zbd81%2B%2FMeUitlqU29iHz4XAr4j9B3Q1hUkFfZgb20yT0Y0fYbY%2FA7AjPAjMA8HuzcpWbIqkh6Il61HmzkKXgw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-hubspot-correlation-id: ca641c6e-7c09-40e6-86c0-fd1a982c045a

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
2 KB 222ms
221ms XHR
application/json 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb6dd7b78908ff73f738c1c432a7008103ee96d062722eb83eedefc6897be9bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
X-HubSpot-Messages-Uri: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TOQg27Mt1c1C2zI1sRh%2BMg8Rp6N5URRtY%2FD%2Fvcr6VaaiMSfIhN0v0U1jTGjUidygqBYWOkbrs8ibgBUpEdCegaTrHuC1GIBCqzXNPASNp22WZ4r2e7tFW%2BcJRhmGTIofSw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Tue, 10 Dec 2024 06:19:43 GMT
x-hubspot-correlation-id: 946e5bb2-5ca2-47b2-b847-4b4cfe587118
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8efb1ffe4eea31d2-MIA
access-control-allow-origin: https://cyble.com
content-length: 1376
server: cloudflare

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 117 B
800 B 228ms
140ms XHR
application/json 104.18.243.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=21289959

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.243.108 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc1aaece65e52f7c2678d2b2699182f51ad003a41780a70f985cace566743912

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aLsqM%2FUdPk5GDn0z1jYEVXNLcoSBqEbI%2FBR5N1NC3YwrzuNKZ7qSN6jLLBuhaVE32SyjvAQ5lfllBNDhuWVI8lKO3mOgdBXDvIMQK95ADi2RDYpYCFcUeoNMqnOYqmuZ"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Tue, 10 Dec 2024 06:19:43 GMT
x-hubspot-correlation-id: 88b88a52-bf6e-423d-9dac-5865814cfd33
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8efb1ffe0ae0dad1-MIA
access-control-allow-origin: https://cyble.com
server: cloudflare

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 61 B
1 KB 92ms
91ms Fetch
application/json 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=21289959&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: 8a90bc1a-1dca-42cf-822e-3f1746cda784
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aaILjGaMvQOYxZu3yWT6uVhedpww0FXTCSzRIJUypw94gtlAgZbjpe5CWzJ1a5%2B03OHZnOKxusV%2FA8zsYNh3GJ29WvLRKtZGOFJhGenp98v90H%2FyN6dqeppNDcK6yl5BTsU3KdbWV0gbqUp6r2s%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Tue, 10 Dec 2024 06:19:43 GMT
x-hubspot-correlation-id: 8a90bc1a-1dca-42cf-822e-3f1746cda784
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-wwjgh
x-envoy-upstream-service-time: 7
access-control-allow-credentials: true
cf-ray: 8efb1ffd7e4d31d2-MIA
access-control-allow-origin: https://cyble.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
763 B 278ms
150ms XHR
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=5254356&time=1733811583603&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-li-pop: afd-prod-lor1-x
content-encoding: gzip
x-fs-uuid: 000628e4778f217b60e85c1744a63ab0
x-msedge-ref: Ref A: 5175F94E0F494C908437C7EF6F1F558B Ref B: MIAEDGE1406 Ref C: 2024-12-10T06:19:43Z
x-li-fabric: prod-lor1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYo5HePIXtg6FwXRKY6sA==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1733811583603&li_adsId=89fd315c-b8b2-41b1-89db-b7327b65d29b&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1733811583603&li_adsId=89fd315c-b8b2-41b1-89db-b7327b65d29b&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D5254356%26time%3D1733811583603%26li_adsId%3D89fd315c-b8b2-41b1-89db-b7327b65d29b%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1733811583603&li_adsId=89fd315c-b8b2-41b1-89db-b7327b65d29b&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-...

0
382 B

124ms
123ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1733811583603&li_adsId=89fd315c-b8b2-41b1-89db-b7327b65d29b&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&tm=gtmv2&cookiesTest=true&liSync=true
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 160DEB14EDBA4AAEBC0C0BEF0A66FD77 Ref B: MIAEDGE2614 Ref C: 2024-12-10T06:19:44Z
x-li-fabric: prod-lor1
x-li-uuid: AAYo5HeU/vynQHxoHVE3oA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 10 Dec 2024 06:19:44 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-fabric: prod-lor1
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
date: Tue, 10 Dec 2024 06:19:43 GMT
x-frame-options: sameorigin
strict-transport-security: max-age=31536000
x-li-pop: afd-prod-lor1-x
content-security-policy: frame-ancestors 'self'
cache-control: no-cache, no-store
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1733811583603&li_adsId=89fd315c-b8b2-41b1-89db-b7327b65d29b&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&tm=gtmv2&cookiesTest=true&liSync=true
pragma: no-cache
x-msedge-ref: Ref A: 6AE9F97D0B2D405095263D7AB39C5BF0 Ref B: MIAEDGE2614 Ref C: 2024-12-10T06:19:43Z
x-li-uuid: AAYo5HeRpVDUrKQXnhBGqw==
content-length: 0

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 88 KB
28 KB 81ms
75ms Script
text/javascript 3.162.103.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.103.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-103-91.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 84de47ed6481524074cd5e375bb773f01b59fa6452539b3b60cdb916914ca0e1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Access-Control-Max-Age: 600
Content-Encoding: gzip
X-Amz-Version-Id: XRapE5DFdXRGc5myIfsDq4zGHQVtai2E
Etag: W/"792eca3181a87960d692c005437f63e0"
Age: 2022
Access-Control-Allow-Methods: GET
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: njKZ2x-9nq3DG42PkO5npw7d0FC--kk4NjtqoLdLQZuqsKcu3kpc3g==
Date: Tue, 10 Dec 2024 05:46:02 GMT
Content-Type: text/javascript
Vary: accept-encoding
Last-Modified: Tue, 15 Oct 2024 15:51:52 GMT
Access-Control-Allow-Headers: *
Transfer-Encoding: chunked
Cache-Control: max-age=3600, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: false
Via: 1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
Access-Control-Allow-Origin: *
X-Amz-Cf-Pop: IAD61-P1
Server: AmazonS3
X-Amz-Server-Side-Encryption: AES256

GET
H2 200 tags.js Show response
tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/ 16 KB
5 KB 345ms
153ms Script
application/javascript 108.138.85.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.85.113 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-85-113.iad12.r.cloudfront.net

Software

Clearbit /

Resource Hash

9e907e949bce3cec0efeaf4b707c2d5b1363467b174fced0e54fae1d501c36ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: private, max-age=600
content-encoding: gzip
etag: W/"9bd0e6149c66576fdc7ae464697b7327"
x-envoy-response-flags: -
x-content-type-options: nosniff
via: 1.1 478a7b771498cb2871727b0293c8b1ea.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-id: -4rs85S8jrEV8GozQmVnkQ0MLtI41sXIR2C_-7ukwf3GOo_57WO6yA==
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
server: Clearbit
x-amz-cf-pop: IAD12-P2

GET
H3 200 dialog.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/lib/dialog/ 11 KB
4 KB 35ms
34ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.3

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.25.10

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

061918d0a4f95724e73ed3469513a4cf4bc92a27e768eadf4fd0c48e307e0dcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-2c16"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:43 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 5.8d87cdc9.min.js Show response
a.omappapi.com/app/js/ 13 KB
5 KB 63ms
63ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/5.8d87cdc9.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 7d5c91bba288f8d52bece6eb27a646578f0c935f8890f9f1fb5349060c7ce77b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "c73fbe3f0cf913da77cf06d1659eeaee"
date: Tue, 10 Dec 2024 06:19:43 GMT
last-modified: Tue, 19 Nov 2024 18:41:53 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: BwSQWkiAkmAzBCpG+ev2Pi5UCAsUSI7Ba9PFc9PsTDHm70kg1Jr4VWpx3TlQRLTqUJiqSSKiQFY=
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-storagebalancer: NY-427
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 9171b34ba8be6cd6774ae048e1af77fd
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: PVZJEHHW33C6CPP8
access-control-allow-origin: *
cdn-cachedat: 11/19/2024 18:42:02
cdn-edgestorageid: 925
perma-cache: MISS
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 trigger
x.adroll.com/attribution/ 2 B
467 B 287ms
128ms Image
text/plain 174.129.215.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.adroll.com/attribution/trigger?fpc=ea8906f732f21dd124575f2853110a91&advertisable_eid=ELNAF2EZDFHJRAP3ODLCUU&conversion_type=PageView&conversion_value=0.0&currency=USC&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 174.129.215.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-174-129-215-41.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-length: 2
date: Tue, 10 Dec 2024 06:19:43 GMT
attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0","priority":"0","deduplication_key":"9868106638135909575","filters":{"source_type":["event"]}},{"trigger_data":"0","priority":"0","deduplication_key":"9868106638135909575","filters":{"source_type":["navigation"]}}],"debug_key":"5364040803115635393","debug_reporting":true,"filters":{"0":["ELNAF2EZDFHJRAP3ODLCUU"]}}
content-type: text/plain; charset=utf-8

GET
H3 200 share-buttons.63d984f8c96d1e053bc0.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 2 KB
1 KB 34ms
33ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/share-buttons.63d984f8c96d1e053bc0.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.25.4

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

222671695c39932625f7de419d583857d59db5e23a07c46f0b4df9c4cecdea42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
content-encoding: br
etag: W/"6744c8b8-629"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 07:17:30 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:43 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 load-more.8b46f464e573feab5dd7.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
2 KB 35ms
32ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/load-more.8b46f464e573feab5dd7.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.25.4

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bd60836ecc4909c913a394e7e9a2566966e1594a5a43415447f7379377f132ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
content-encoding: br
etag: W/"6744c8b8-14e2"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 08:55:30 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:43 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 posts.aec59265318492b89cb5.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 3 KB
2 KB 36ms
33ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/posts.aec59265318492b89cb5.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.25.4

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7ea4ecc6e5b3e40546eee8d458437577958b920c4e2d72e395c8dd1631633ad8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
content-encoding: br
etag: W/"6744c8b8-cf5"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 08:55:30 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:43 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 1 KB
982 B 39ms
38ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.25.10

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8639604f6b9525e4e14c0dec40129920dc99d2ce640ccd0d5906a142ddd0e248

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
content-encoding: br
etag: W/"6744c8b0-550"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 07:17:30 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:43 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 FollowCompany.js Show response
www.linkedin.com/pages-extensions/ 1 KB
2 KB 150ms
144ms Script
application/javascript 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.linkedin.com/pages-extensions/FollowCompany.js?version=0.1.176

Requested by

Host: platform.linkedin.com
URL: https://platform.linkedin.com/in.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

275fb4a7bdeab3c59caff1c0ea88bf1adc9f4cfc377a9bec7b28517d13e2fd37

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .licdn.com .linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ .microsoft.com; script-src 'report-sample' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q='; img-src data: blob: android-webview-video-poster: ; font-src data: ; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src .licdn.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' .licdn.com lnkd.demdex.net www.youtube-nocookie.com player.vimeo.com; frame-ancestors ; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gnf
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
etag: "26a9c69ede4d51500d4689e0bde147e7ba821f7b"
x-li-fabric: prod-lor1
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 01 Feb 1980 00:00:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
x-li-pop: afd-prod-lor1-x
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com; script-src 'report-sample' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q='; img-src data: blob: android-webview-video-poster: *; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src *.licdn.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' *.licdn.com lnkd.demdex.net www.youtube-nocookie.com player.vimeo.com; frame-ancestors *; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gnf
cache-control: no-cache, no-store
pragma: no-cache
x-msedge-ref: Ref A: F1BA7601C59F4C5CB22C3FEB13DC678B Ref B: MIAEDGE2614 Ref C: 2024-12-10T06:19:43Z
x-li-uuid: AAYo5HeQ9cszE3pF+co9Zg==
accept-ranges: bytes
content-length: 487

POST
H/1.1 204
No Content collect Show response
k.clarity.ms/ 0
273 B 274ms
122ms XHR
text/plain 172.175.38.6
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.56/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 172.175.38.6 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Request-Context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 10 Dec 2024 06:19:44 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H3 200 web Show response
onesignal.com/api/v1/sync/7db38cff-5077-441d-81cd-10e2ee603557/ 3 KB
2 KB 94ms
51ms Script
text/javascript 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/7db38cff-5077-441d-81cd-10e2ee603557/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151606

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72fa992b4e5dbc2f71424812f8d4ae529376bc186942699def38ed7e7cb67768

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-request-id: 2e924ea7-e421-452b-af3d-9507cd3c767e
content-encoding: br
cf-cache-status: HIT
etag: W/"72fa992b4e5dbc2f71424812f8d4ae52"
age: 1649
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Tue, 10 Dec 2024 07:19:43 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: text/javascript; charset=utf-8
vary: Origin, Accept-Encoding
x-runtime: 0.043720
priority: u=3,i=?0
access-control-allow-headers: SDK-Version
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: public, max-age=3600
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
via: 1.1 google
cf-ray: 8efb1fff7a17a57b-MIA
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 2764.svg
s.w.org/images/core/emoji/15.0.3/svg/ 368 B
679 B 209ms
103ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/15.0.3/svg/2764.svg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=315360000
x-nc: HIT mia 2
access-control-allow-methods: GET, HEAD
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 368
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: image/svg+xml
last-modified: Tue, 30 Jan 2024 01:15:16 GMT
server: nginx
x-frame-options: SAMEORIGIN

GET
H3 200 /
www.google.com/pagead/1p-user-list/10996750928/ 42 B
64 B 69ms
69ms Image
image/gif 142.251.163.105
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10996750928/?random=1733811583055&cv=11&fst=1733810400000&bg=ffffff&guid=ON&async=1&gtm=45be4c90v9106873920z8868834701za200&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=2032196222.1733811583&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dnSPCFx_oU1GeNvxCQWw2bO7nm2yhUw&random=3445215214&rmt_tld=0&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.105 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f105.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 10 Dec 2024 06:19:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/10996750928/ 42 B
64 B 75ms
74ms Image
image/gif 142.251.163.105
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10996750928/?random=1733811582969&cv=11&fst=1733810400000&bg=ffffff&guid=ON&async=1&gtm=45je4c90v9106873920z8868834701za201&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=2032196222.1733811583&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dEQg8fa34jLdSebl5pvVPcrlYHAiBkQ&random=1202945522&rmt_tld=0&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.105 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f105.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 10 Dec 2024 06:19:43 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 432 KB
136 KB 80ms
80ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10996750928

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

367da9aac7400b92ff2cdde630d4f75a419ac04ccf74d3cf74818d081de92109

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 10 Dec 2024 06:19:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 139488
x-xss-protection: 0
server: Google Tag Manager

POST
H2 200 3BMTZYG7A5BPDP54WUQHR4
d.adroll.com/onp/ELNAF2EZDFHJRAP3ODLCUU/ 42 B
822 B 61ms
59ms Ping
image/gif 50.16.70.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/onp/ELNAF2EZDFHJRAP3ODLCUU/3BMTZYG7A5BPDP54WUQHR4?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&ev=f%3D1122%26ft%3Dpreconsent
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.16.70.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-70-197.compute-1.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-advertisable-eid: ELNAF2EZDFHJRAP3ODLCUU
content-length: 42
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: image/gif
server: nginx/1.22.1

POST
H2 200 3BMTZYG7A5BPDP54WUQHR4
d.adroll.com/onp/ELNAF2EZDFHJRAP3ODLCUU/ 42 B
821 B 95ms
93ms Ping
image/gif 50.16.70.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/onp/ELNAF2EZDFHJRAP3ODLCUU/3BMTZYG7A5BPDP54WUQHR4?adroll_fpc=ea8906f732f21dd124575f2853110a91-1733811583501&flg=1&pv=28245121633.299065&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&ev=f%3D-760%26ft%3Dprepixel
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.16.70.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-70-197.compute-1.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-advertisable-eid: ELNAF2EZDFHJRAP3ODLCUU
content-length: 42
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: image/gif
server: nginx/1.22.1

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
959 B 125ms
83ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-robots-tag: none
x-request-id: 7a348f28-481f-4808-afb7-fcd2ef7a54b1
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 10 Dec 2024 06:19:44 GMT
x-hubspot-correlation-id: 7a348f28-481f-4808-afb7-fcd2ef7a54b1
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Tue, 10 Dec 2024 06:19:43 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-nwxpl
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8efb1fffbbc8d9b1-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 4.c2eb0e91.min.js Show response
a.omappapi.com/app/js/ 44 KB
13 KB 89ms
89ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/4.c2eb0e91.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 3570909efe317eb6fcd6de84ddbdbd2ba89238bab48ddeaaeffe433da3319de4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "41cd84632eaef4dfb86e2c15d8f2fc7d"
date: Tue, 10 Dec 2024 06:19:43 GMT
last-modified: Wed, 04 Dec 2024 23:43:55 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: mHojdI4A8glpi9ZwPKTW1WtdaLVpkj5zZ4LXj6ITPBbvOKafgTv+Wwmtkjsc57BUxG1ERGPeUmw=
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-storagebalancer: NY-427
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 815bfb791bcd9a756a37499acacb8067
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: SYJHG6XG9X4EA98H
access-control-allow-origin: *
cdn-cachedat: 12/04/2024 23:44:03
cdn-edgestorageid: 925
perma-cache: MISS
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H3 200 share-link.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/lib/share-link/ 3 KB
1 KB 35ms
35ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.25.10

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.25.10

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1030dee6b293cd2f1331f5355130a5db48929f961ba7409a4d4ce83c73caefdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-ac0"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:43 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 7f3850de164a47c192e427a69ebce9ca
app.hubspot.com/conversations-visitor/21289959/threads/utk/ Frame 09DC 0
0 322ms
210ms Document
text/html 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/21289959/threads/utk/7f3850de164a47c192e427a69ebce9ca?uuid=16dee1c1aa0f4081b937eaaf2da21d60&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=7f3850de164a47c192e427a69ebce9ca&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false&hideScrollToButton=true&isIOSMobile=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
age: 585
cache-control: max-age=600
cache-tag: staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
cf-ray: 8efb20009e7a5c79-MIA
content-encoding: gzip
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.21560/html/index.html&cfRay=8efb20009e7a5c79&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F21289959%2Fthreads%2Futk%2F7f3850de164a47c192e427a69ebce9ca%3Fuuid%3D16dee1c1aa0f4081b937eaaf2da21d60%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3D%26domain%3Dcyble.com%26inApp53%3Dfalse%26messagesUtk%3D7f3850de164a47c192e427a69ebce9ca%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Fphishing-campaign-targeting-ukraine-uac-0215%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3D%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dtrue%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse%26hideScrollToButton%3Dtrue%26isIOSMobile%3Dfalse&referrer=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&cfenv=prod&pdt=2024-12-10&csp=ro
content-type: text/html; charset=utf-8
date: Tue, 10 Dec 2024 06:19:44 GMT
etag: W/"02a42cbc018dbfb982f30e4a4a4f5e54"
last-modified: Mon, 09 Dec 2024 15:40:52 UTC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8efb20009e7a5c79&resource=conversations-visitor-ui/static-1.21560/html/index.html"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
x-amz-cf-id: U7vSQwncYwhhfOE1V3UCqVOEk5HRB2iTzO4In8-e_kYOoy8cXiYQTg==
x-amz-cf-pop: IAD12-P3
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: y.fsdFAXNVEkKx_tCY46fpg4nWJAY3VP
x-cache: Hit from cloudfront
x-content-type-options: no-sniff
x-envoy-upstream-service-time: 6
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-qg7nx
x-evy-trace-virtual-host: all
x-hs-cache-status: MISS
x-hs-target-asset: conversations-visitor-ui/static-1.21560/html/index.html
x-hs-worker-debug-mode: false
x-hubspot-correlation-id: 1ca29bfb-ad05-430d-9f92-91cdf4e0d00e
x-request-id: 1ca29bfb-ad05-430d-9f92-91cdf4e0d00e

GET
H2 200 17.87b0f6e9.min.js Show response
a.omappapi.com/app/js/ 458 B
1 KB 103ms
102ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/17.87b0f6e9.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 284b0facae6132d66280225e6562ce6f8442656568dbb12123094de6433022dc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc95-1ca"
cdn-fileserver: 749
date: Tue, 10 Dec 2024 06:19:44 GMT
cdn-storageserver: NY-267
last-modified: Thu, 03 Oct 2024 20:20:37 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/08/2024 00:59:03
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: adb5fb2ca885095b43f0a347312b5945
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 20.ffcf301b.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 176ms
174ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/20.ffcf301b.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: d945db3b417b4db19cba8309582dd7f333976336f0d62bc682e662a8848fe4ee

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "505322c2ac34ff94aab476ecbcad4743"
date: Tue, 10 Dec 2024 06:19:44 GMT
last-modified: Wed, 04 Dec 2024 23:43:55 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: KyFSrAYY+Ah/1O2D792rPArXRM5QMGSi9w+ELJUEo4egOJNtNoFgB9bEdN+7s5t6vtKv6KF/mHDpwMGmXmkEOYxr4uz4EEvR
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-storagebalancer: NY-267
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: fb2a8e74f8d7d49cd54efdbe9830e876
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: SYJSBAZBM6Q4YN0D
access-control-allow-origin: *
cdn-cachedat: 12/04/2024 23:44:03
cdn-edgestorageid: 925
perma-cache: MISS
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H3 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 44ms
43ms Stylesheet
text/css 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151606

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
age: 2632
expires: Thu, 09 Jan 2025 06:19:44 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 10 Dec 2024 06:19:44 GMT
content-type: text/css
vary: Accept-Encoding
priority: u=0,i=?0
access-control-allow-headers: OneSignal-Subscription-Id
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: public, max-age=2592000
via: 1.1 google
cf-ray: 8efb20002aa8a57b-MIA
server: cloudflare

GET
H2 200 destinations.min.js Show response
x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/ 0
44 B 441ms
237ms Script
application/javascript 52.204.243.204
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/destinations.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.204.243.204 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-204-243-204.compute-1.amazonaws.com

Software

Clearbit /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: private, max-age=600
x-envoy-response-flags: -
x-content-type-options: nosniff
content-length: 0
date: Tue, 10 Dec 2024 06:19:43 GMT
content-type: application/javascript;charset=utf-8
server: Clearbit

GET
H2 200 tracking.min.js Show response
x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/ 168 KB
45 KB 378ms
175ms Script
application/javascript 52.204.243.204
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/tracking.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.204.243.204 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-204-243-204.compute-1.amazonaws.com

Software

Clearbit /

Resource Hash

e5f578c050d7a40cfb1cdbc4482159b5177deb5a5cf606cc28cd4a2b42a97734

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: private, max-age=600
content-encoding: gzip
x-envoy-response-flags: -
x-content-type-options: nosniff
date: Tue, 10 Dec 2024 06:19:44 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
server: Clearbit

GET FollowCompany
www.linkedin.com/pages-extensions/ Frame A39E 0
0

GET
H2 200 FollowCompany
www.linkedin.com/pages-extensions/ Frame F4DE 0
0 230ms
148ms Document
text/html 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.linkedin.com/pages-extensions/FollowCompany?id=14707748&counter=&xdOrigin=https%3A%2F%2Fcyble.com&xdChannel=e1b41b13-3e91-46c3-93f6-242ba8b96d2c&xd_origin_host=https%3A%2F%2Fcyble.com

Requested by

Host: platform.linkedin.com
URL: https://platform.linkedin.com/in.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .licdn.com .linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ .microsoft.com; script-src 'report-sample' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q='; img-src data: blob: android-webview-video-poster: ; font-src data: ; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src .licdn.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' .licdn.com lnkd.demdex.net www.youtube-nocookie.com player.vimeo.com; frame-ancestors ; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gnf
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store
content-encoding: gzip
content-length: 801
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com; script-src 'report-sample' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q='; img-src data: blob: android-webview-video-poster: *; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src *.licdn.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' *.licdn.com lnkd.demdex.net www.youtube-nocookie.com player.vimeo.com; frame-ancestors *; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gnf
content-type: text/html; charset=utf-8
date: Tue, 10 Dec 2024 06:19:44 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYo5HeVSg/xmYNrWDXjGQ==
x-msedge-ref: Ref A: 4262163EAEEC4AF0B374E4DF15D98D2B Ref B: MIAEDGE1914 Ref C: 2024-12-10T06:19:44Z

GET
H2 200 button.856debeac157d9669cf51e73a08fbc93.js Show response
platform.twitter.com/js/ 8 KB
3 KB 59ms
58ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
etag: "fdf02dd038ed38dbf3c240d56262af0c+gzip"
access-control-allow-methods: GET
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date: Tue, 10 Dec 2024 06:19:44 GMT
last-modified: Mon, 11 Dec 2023 17:19:47 GMT
vary: Accept-Encoding
x-served-by: cache-iad-kiad7000057-IAD
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=315360000
tw-cdn: FT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2620
x-amz-server-side-encryption: AES256

GET
H2 200 19.29995104.min.js Show response
a.omappapi.com/app/js/ 4 KB
2 KB 67ms
61ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/19.29995104.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 347f04555337c884b83cc6ee9c57ed53f2d9dc61b9a5a7e638dc562d6ef6a4e0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "c4f590b097d6c1b7b64f6fae4032b013"
date: Tue, 10 Dec 2024 06:19:44 GMT
last-modified: Wed, 04 Dec 2024 23:43:55 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: MP/gkwur4x79UVvuyb4qKf+LDmj00w0/+npP1eyegmhmESLn6ED8mVsnn5E9PwbN7XEWUzkP9TA=
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-storagebalancer: NY-427
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 38411a53ed8bec7519da267f1db351af
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: SYJVAQ29ZZFSAGMW
access-control-allow-origin: *
cdn-cachedat: 12/04/2024 23:44:04
cdn-edgestorageid: 925
perma-cache: MISS
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 27.78befebd.min.js Show response
a.omappapi.com/app/js/ 6 KB
2 KB 101ms
96ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/27.78befebd.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: b536245d5d1912397f06964694ae416b45a26a3bc39021850852c647bee46bab

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc81-174f"
cdn-fileserver: 388
date: Tue, 10 Dec 2024 06:19:44 GMT
cdn-storageserver: NY-427
last-modified: Thu, 03 Oct 2024 20:20:17 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/17/2024 20:04:52
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 83508c013593891b839180d06b3c8f98
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 33.db83743a.min.js Show response
a.omappapi.com/app/js/ 34 KB
9 KB 100ms
95ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/33.db83743a.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: eff50ee97749192a01ffbe5c7d7b3b88d11cc53dcbd6d659b22b37e8cc0754d7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6728ef64-878e"
cdn-fileserver: 622
date: Tue, 10 Dec 2024 06:19:44 GMT
cdn-storageserver: NY-268
last-modified: Mon, 04 Nov 2024 15:59:32 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/08/2024 00:59:03
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 2501615a53759b59ef7997214c99d918
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 10.f3e1fec4.min.js Show response
a.omappapi.com/app/js/ 31 KB
10 KB 111ms
107ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/10.f3e1fec4.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 46be8975c077af9ee628b95903df417598a0df10350acb20e678ab3fe9a54f36

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "673cdbfa-7cf4"
cdn-fileserver: 861
date: Tue, 10 Dec 2024 06:19:44 GMT
cdn-storageserver: DE-680
last-modified: Tue, 19 Nov 2024 18:42:02 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/19/2024 18:42:02
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-storagebalancer: NY-346
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: a26e694e46f72c2ef445c8dd9df714e3
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 0.97289c7b.min.js Show response
a.omappapi.com/app/js/ 7 KB
3 KB 111ms
106ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/0.97289c7b.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 54adf4588038aa406ce898380a589e4afb4bd8c3b4d152461e1b4641a7443fba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "e627eded1ea6ba4adebdc1af40a3275f"
date: Tue, 10 Dec 2024 06:19:44 GMT
last-modified: Wed, 04 Dec 2024 23:43:55 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: O8RwLtqwcHtReSoJ3Qz/osF/0zp33/5dunZNSNyRlo4GzGHK68ZxESkD/ddvr9H2ipYUvXRB714=
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-storagebalancer: NY-346
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 8ef20ce3abe148bc7c055612d3890171
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: SYJP0PFMDYV7GQB5
access-control-allow-origin: *
cdn-cachedat: 12/04/2024 23:44:04
cdn-edgestorageid: 925
perma-cache: MISS
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 9.b36e2a05.min.js Show response
a.omappapi.com/app/js/ 2 KB
1 KB 117ms
111ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/9.b36e2a05.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: f14b33b9d5a249b41c2c3ab1065df21780f8d7d681c6a745244848dff1845c58

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc88-650"
cdn-fileserver: 388
date: Tue, 10 Dec 2024 06:19:44 GMT
cdn-storageserver: NY-427
last-modified: Thu, 03 Oct 2024 20:20:24 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/14/2024 14:45:28
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: c0834f00e6415af96ced6db61720ebb0
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 11.c5ec45ff.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 114ms
109ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/11.c5ec45ff.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 39dd4eedf59461aa0bb42f57f4663d3b3224f5efcdf95f7e571e829aae135905

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc89-838"
cdn-fileserver: 749
date: Tue, 10 Dec 2024 06:19:44 GMT
cdn-storageserver: NY-346
last-modified: Thu, 03 Oct 2024 20:20:25 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/14/2024 14:45:12
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 50ec337547c6ed055edf5f2046f60ea3
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 28.22ee4263.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 118ms
112ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/28.22ee4263.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 071277a837bd15a2c626377ff352570603ae3edc5e279a1af896514f3737f535

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "606e4fcc663cab0b54ecfbc5b2b0bb65"
date: Tue, 10 Dec 2024 06:19:44 GMT
last-modified: Wed, 04 Dec 2024 23:43:55 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: 26LX+oKndqhbokElYGm3jkd2wnLpb6tNd7rYees3RnQtSEsLNxyky6xWJ46CGudtNdTM8qNsvoE=
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-storagebalancer: NY-267
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: d222fcba339a527cd7b9a4d930aea0d3
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: SYJK4Y3ABH928YQ6
access-control-allow-origin: *
cdn-cachedat: 12/04/2024 23:44:04
cdn-edgestorageid: 925
perma-cache: MISS
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 26.6128bd2e.min.js Show response
a.omappapi.com/app/js/ 1 KB
1 KB 114ms
109ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/26.6128bd2e.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 7c345c812c6c32c007d7fe0f4968df8f847ea5006e76c8633da70d446b1936a5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc81-4e1"
cdn-fileserver: 749
date: Tue, 10 Dec 2024 06:19:44 GMT
cdn-storageserver: NY-353
last-modified: Thu, 03 Oct 2024 20:20:17 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/08/2024 00:59:03
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 6a5c2878d88744ae7cb7f4d0a8ae9e0a
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 16.d9461827.min.js Show response
a.omappapi.com/app/js/ 830 B
1 KB 119ms
114ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/16.d9461827.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 140eedc23b5929c1bb8a74d021936779b48156ccb5445431659d656f8aa104cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc7f-33e"
cdn-fileserver: 388
date: Tue, 10 Dec 2024 06:19:44 GMT
cdn-storageserver: NY-267
last-modified: Thu, 03 Oct 2024 20:20:15 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/08/2024 00:59:03
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: a5e6ccd5037a08961614459c37c72da8
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 1.05facc5e.min.js Show response
a.omappapi.com/app/js/ 9 KB
3 KB 120ms
115ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/1.05facc5e.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 4d4650ca007326deb6524524b7074dd677a0026d75ad55f56df7698a136d9034

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "42d9c13071599c41bda2c3602de63bac"
date: Tue, 10 Dec 2024 06:19:44 GMT
last-modified: Wed, 04 Dec 2024 23:43:55 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: UasWWatv2JsQ6UJmcEMM2c/2Tt09w3mMlykb2u5gE6IhGQxy/bM0RE/lHoe9I98CdXjdSTEfc0xGGjZ9GFGl7i/GvS5cIbzrOQ+55WThToY=
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-storagebalancer: NY-267
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: d38f4049e445223f052bdf497dfc821a
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: SYJWHJFC8H8V1VFJ
access-control-allow-origin: *
cdn-cachedat: 12/04/2024 23:44:04
cdn-edgestorageid: 925
perma-cache: MISS
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 21.8fe2e52f.min.js Show response
a.omappapi.com/app/js/ 2 KB
1 KB 141ms
137ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/21.8fe2e52f.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: e92b5c4af8c5c6115f09955c6aa8577a45c65effe782e0593540f09177f69a29

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc89-65a"
cdn-fileserver: 749
date: Tue, 10 Dec 2024 06:19:44 GMT
cdn-storageserver: NY-346
last-modified: Thu, 03 Oct 2024 20:20:25 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/08/2024 00:59:03
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: b64b52ca5080cd1a1df2c42e57a817d7
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 22.9cb0da1f.min.js Show response
a.omappapi.com/app/js/ 948 B
1 KB 141ms
137ms Script
application/javascript 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/22.9cb0da1f.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 57533e961bdaf5ffaf1146f0c041f0598806607a330000195992f4652d2c1f17

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc7e-3b4"
cdn-fileserver: 749
date: Tue, 10 Dec 2024 06:19:44 GMT
cdn-storageserver: NY-427
last-modified: Thu, 03 Oct 2024 20:20:14 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/08/2024 00:59:04
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: a78c2b4a4a5764918f23fd7e6ef388d9
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H3 200 icon Show response
onesignal.com/api/v1/apps/7db38cff-5077-441d-81cd-10e2ee603557/ 256 B
826 B 236ms
235ms Fetch
application/json 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/apps/7db38cff-5077-441d-81cd-10e2ee603557/icon

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151606

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0d7310be48b4f4fc33d69c4debdc93c879a9541d61be8f2347c94a77fac19b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-request-id: 938adf8a-9848-4c3f-98d6-974d8c7ed766
content-encoding: br
cf-cache-status: REVALIDATED
etag: W/"a0d7310be48b4f4fc33d69c4debdc93c"
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 10 Dec 2024 06:19:44 GMT
content-type: application/json; charset=utf-8
vary: Accept, Origin, Accept-Encoding
x-runtime: 0.015896
priority: u=1,i
access-control-allow-headers: SDK-Version
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: max-age=0, private, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
via: 1.1 google
cf-ray: 8efb2001d8517473-MIA
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

POST
H/1.1 204
No Content collect Show response
k.clarity.ms/ 0
273 B 192ms
141ms XHR
text/plain 172.175.38.6
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.56/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 172.175.38.6 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Request-Context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 10 Dec 2024 06:19:44 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 follow_button.2f70fb173b9000da126c79afe2098f02.en.html
platform.twitter.com/widgets/ Frame 9C4F 0
0 63ms
61ms Document
text/html 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 13712
content-type: text/html; charset=utf-8
date: Tue, 10 Dec 2024 06:19:44 GMT
etag: "bf4801052efb5f8f12057c849e9b590f+gzip"
last-modified: Mon, 11 Dec 2023 17:19:47 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT
x-served-by: cache-iad-kiad7000102-IAD

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
291 B 220ms
129ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22cybleglobal%22%2C%22widget_creator_screen_name%22%3A%22cybleglobal%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Awithcount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1733811584338%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22follow%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=f2977d9798e4b165e343ba0eb11e8172a0d5e38a

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-type: image/gif
strict-transport-security: max-age=631138519
x-transaction-id: 2516076ec5848550
cache-control: must-revalidate, max-age=600
x-connection-hash: 64166b2a3133b83a5891c063c5873f2e4ac6acb414aaa760f4ee2081eed2de84
x-response-time: 5
content-length: 43
date: Tue, 10 Dec 2024 06:19:44 GMT
last-modified: Tue, 10 Dec 2024 06:19:44 GMT
perf: 7402827104
vary: Origin
server: tsa_b

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
745 B 249ms
103ms Stylesheet
text/css 142.251.179.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Vollkorn%3Aital%2Cwght%400%2C400&family=Poppins%3Aital%2Cwght%400%2C400&display=swap

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.c2eb0e91.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.95 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f95.1e100.net

Software

ESF /

Resource Hash

43c09afbdac92bfc5756cb574ca7b26aaa96f39f91cacdf48cc51316bcceeb41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 10 Dec 2024 06:19:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:44 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 10 Dec 2024 06:19:44 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css2
fonts.googleapis.com/ 8 KB
2 KB 246ms
101ms Stylesheet
text/css 142.251.179.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat%3Aital%2Cwght%400%2C400&family=Sarabun%3Aital%2Cwght%400%2C400%3B0%2C700&family=Rubik%3Aital%2Cwght%400%2C400&display=swap

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.c2eb0e91.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.95 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f95.1e100.net

Software

ESF /

Resource Hash

21ef5e6434bc507bbf24bd0294c53dc7e561bdd0c991b45d90be45cbbde72978

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 10 Dec 2024 06:19:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:44 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 10 Dec 2024 06:19:44 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

POST
H2 200 p Show response
app.clearbit.com/v1/ 16 B
1 KB 387ms
167ms XHR
application/json 52.204.243.204
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clearbit.com/v1/p

Requested by

Host: x.clearbitjs.com
URL: https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/tracking.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.204.243.204 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-204-243-204.compute-1.amazonaws.com

Software

Clearbit /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-max-age: 7200
access-control-expose-headers
content-encoding: gzip
x-envoy-response-flags: -
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
content-security-policy-report-only: default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-content-type-options: nosniff
access-control-allow-origin: https://cyble.com
date: Tue, 10 Dec 2024 06:19:44 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: Clearbit

GET
H3 200 OqW0O85nReudZFfWLGUA_cyble-logo.jpg
img.onesignal.com/permanent/280ba632-3e15-42c5-b8db-34718c635fef/ 9 KB
10 KB 52ms
48ms Image
image/jpeg 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.onesignal.com/permanent/280ba632-3e15-42c5-b8db-34718c635fef/OqW0O85nReudZFfWLGUA_cyble-logo.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99eafd83dc71117d7a1383b917a4f0f20455203c3c7d48c9b71ab5cfabd4d6a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=L7lS7A==, md5=p+8UhJvZCznoti6sM5CjSw==
cf-bgj: imgq:85,h2pri
etag: "-CNb2xfjZ8ocDEAE="
age: 721
cf-cache-status: HIT
x-goog-stored-content-encoding: identity
expires: Fri, 10 Jan 2025 06:19:44 GMT
cf-polished: degrade=85, origSize=19541, status=vary_header_present
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 19541
server-timing: cfExtPri
date: Tue, 10 Dec 2024 06:19:44 GMT
content-type: image/jpeg
last-modified: Tue, 13 Aug 2024 19:28:59 GMT
vary: Origin, Accept-Encoding
priority: u=1,i
x-guploader-uploadid: AHxI1nOCoon7DTyjUf9v1o1k7D-hldCBHHoJ_0__UZYWV362uLyUvK04A7QsP3hDF4tGxVkT8wc
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: public, max-age=2678400
pragma: no-cache
x-goog-storage-class: STANDARD
cf-ray: 8efb20034bc6a54f-MIA
x-goog-encryption-kms-key-name: projects/core-infra-onesignal/locations/europe-west4/keyRings/keyring-kms-onesignal/cryptoKeys/img-persistence-bucket-onesignal/cryptoKeyVersions/1
accept-ranges: bytes
x-goog-generation: 1723577339575126
content-length: 9292
server: cloudflare

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.wp.com/s/roboto/v32/ 18 KB
18 KB 35ms
34ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.8.7

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT mia 2
age: 104
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 18536
date: Tue, 10 Dec 2024 06:19:44 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
server: nginx

GET
H3 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v29/ 18 KB
18 KB 142ms
82ms Font
font/woff2 142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat%3Aital%2Cwght%400%2C400&family=Sarabun%3Aital%2Cwght%400%2C400%3B0%2C700&family=Rubik%3Aital%2Cwght%400%2C400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

sffe /

Resource Hash

1c9c85d0b73b7321eb8ed22e0b6bcd577478dd5f99d1379a5d4cea10884033ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 270941
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sun, 07 Dec 2025 03:04:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 07 Dec 2024 03:04:03 GMT
last-modified: Wed, 06 Nov 2024 17:30:39 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18792
x-xss-protection: 0
server: sffe

GET
H3 200 DtVmJx26TKEr37c9YK5silss6w.woff2
fonts.gstatic.com/s/sarabun/v15/ 11 KB
11 KB 195ms
136ms Font
font/woff2 142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sarabun/v15/DtVmJx26TKEr37c9YK5silss6w.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

sffe /

Resource Hash

ad4e2d51cf7f8cad0b33fcae853656fa79fa2da3e9828bdf50895a88d9463259

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 286314
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 06 Dec 2025 22:47:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 06 Dec 2024 22:47:50 GMT
last-modified: Thu, 24 Aug 2023 20:36:53 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11632
x-xss-protection: 0
server: sffe

GET
H3 200 DtVjJx26TKEr37c9aBVJnw.woff2
fonts.gstatic.com/s/sarabun/v15/ 11 KB
11 KB 181ms
121ms Font
font/woff2 142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sarabun/v15/DtVjJx26TKEr37c9aBVJnw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

sffe /

Resource Hash

0c18a7096d8615e2b30d7fbaccb64fe00b6cffccf671c3c4ca53244640722202

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 307765
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 06 Dec 2025 16:50:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 06 Dec 2024 16:50:19 GMT
last-modified: Thu, 24 Aug 2023 21:03:27 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11452
x-xss-protection: 0
server: sffe

GET
H3 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2
fonts.gstatic.com/s/rubik/v28/ 18 KB
18 KB 161ms
102ms Font
font/woff2 142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

sffe /

Resource Hash

c87fcac153783ea615f856ad1c0e12791952c39b8ddde7f11fa3d47c0a3b3998

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 307701
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 06 Dec 2025 16:51:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 06 Dec 2024 16:51:23 GMT
last-modified: Thu, 29 Jun 2023 16:30:12 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18856
x-xss-protection: 0
server: sffe

GET
H3 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v22/ 8 KB
8 KB 114ms
55ms Font
font/woff2 142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Vollkorn%3Aital%2Cwght%400%2C400&family=Poppins%3Aital%2Cwght%400%2C400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 294132
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 06 Dec 2025 20:37:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 06 Dec 2024 20:37:32 GMT
last-modified: Wed, 04 Dec 2024 06:53:08 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7884
x-xss-protection: 0
server: sffe

GET
H3 200 0ybgGDoxxrvAnPhYGzMlQLzuMasz6Df2MHGeHmmc.woff2
fonts.gstatic.com/s/vollkorn/v27/ 25 KB
25 KB 120ms
63ms Font
font/woff2 142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/vollkorn/v27/0ybgGDoxxrvAnPhYGzMlQLzuMasz6Df2MHGeHmmc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Vollkorn%3Aital%2Cwght%400%2C400&family=Poppins%3Aital%2Cwght%400%2C400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

sffe /

Resource Hash

7020a2f35c08a997e1d96da73093b9bb97df210cd9147454c9e38972818724e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 296752
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Sat, 06 Dec 2025 19:53:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 06 Dec 2024 19:53:52 GMT
last-modified: Fri, 27 Sep 2024 00:45:50 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25496
x-xss-protection: 0
server: sffe

GET
H2 200 9f2bee7e0bbee0ce290705075c691d69-yesno.json Show response
a.omappapi.com/app/campaign-views/b584497dcf5c/hrmi1wlyf5zkw7jqsfln/ 32 KB
5 KB 270ms
87ms XHR
application/json 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/b584497dcf5c/hrmi1wlyf5zkw7jqsfln/9f2bee7e0bbee0ce290705075c691d69-yesno.json
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 596e5530d1cf66e097a7a82ab01d9f5d98db99bd6688f8ec9d1775e213e06ef4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66c4dc66-7eb5"
cdn-fileserver: 749
date: Tue, 10 Dec 2024 06:19:45 GMT
cdn-storageserver: NY-346
last-modified: Tue, 20 Aug 2024 18:11:50 GMT
content-type: application/json
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/08/2024 01:06:03
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: fb0f47e642105206b6f95280f6079423
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H2 200 533035b6c3b6cf5613e23c21ac1b56ab-optin.json Show response
a.omappapi.com/app/campaign-views/b584497dcf5c/wlravxmwms40sunr2q0v/ 23 KB
4 KB 263ms
88ms XHR
application/json 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/b584497dcf5c/wlravxmwms40sunr2q0v/533035b6c3b6cf5613e23c21ac1b56ab-optin.json
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 0f2ca337e8e1a04cd619e8fbff4b26cd81a5aef5b593462c250110bb68ba9a29

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6746b7c5-5ba7"
cdn-fileserver: 749
date: Tue, 10 Dec 2024 06:19:45 GMT
cdn-storageserver: NY-346
last-modified: Wed, 27 Nov 2024 06:10:13 GMT
content-type: application/json
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/27/2024 07:55:49
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: fd99c8b226942f43cf434b8c289146db
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 143ms
61ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-version-id: PTl7rnF_EEhUwyN5J882FhdYw1E0brGf
etag: W/"b2877da906a3216c4f3fc4030b205e54"
age: 83046
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: it2WPnp1mT2G66xDPi_SRloGiS3OEcCjCiAjWJzsITVf5ozx2dEHHg==
date: Tue, 10 Dec 2024 06:19:45 GMT
content-type: application/javascript
last-modified: Thu, 18 Jul 2024 08:13:46 GMT
vary: Accept-Encoding
priority: u=3,i=?0
server-timing: cfExtPri
via: 1.1 f0ab8ae5676239bb4b51137f31c48dc8.cloudfront.net (CloudFront)
cf-ray: 8efb2006bce931e4-MIA
x-amz-cf-pop: MIA50-P1
server: cloudflare

POST
H2 200 p
to.getnitropack.com/ 0
119 B 496ms
389ms Ping
text/plain 104.18.39.246
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://to.getnitropack.com/p

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.39.246 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 8efb2006eb8574ca-MIA
content-length: 0
cf-cache-status: DYNAMIC
date: Tue, 10 Dec 2024 06:19:45 GMT
server: cloudflare

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=B5F216842D434F88BBF5BF9A824892E3&RedC=c.clarity.ms&MXFR=08820B56E6676FBD17931E07E26761B1
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B5F216842D434F88BBF5BF9A824892E3&MUID=384684346E6A689F24C591656F7669A7

42 B
443 B

54ms
54ms

Image
image/gif

20.110.205.119
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B5F216842D434F88BBF5BF9A824892E3&MUID=384684346E6A689F24C591656F7669A7
Protocol: H2
Server: 20.110.205.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
etag: "8d3dafd6e71fdb1:0"
accept-ranges: bytes
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length: 42
date: Tue, 10 Dec 2024 06:19:45 GMT
content-type: image/gif
last-modified: Wed, 16 Oct 2024 16:24:13 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

Redirect headers

cache-control: private, no-cache, proxy-revalidate, no-store
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B5F216842D434F88BBF5BF9A824892E3&MUID=384684346E6A689F24C591656F7669A7
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 65AE2527C44C47BE80C88E34DA4D2667 Ref B: MIAEDGE2607 Ref C: 2024-12-10T06:19:45Z
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length: 0
date: Tue, 10 Dec 2024 06:19:44 GMT
x-powered-by: ASP.NET

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
915 B 243ms
141ms Image
image/gif 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&t=UAC-0215+Phishing+Campaign+Targets+Ukraine%27s+Critical+Sectors&cts=1733811584989&vi=d571e097def44b7aea3f284a5c65ba65&nc=true&u=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&b=27441379.1.1733811584985&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-robots-tag: none
x-request-id: a590aeef-59a9-4469-9184-cc7fbad71f6c
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h4F1Rz9A1G3sFXu1p4DAKmmkLGbpTVbgFYIDHFGpW7R8Xy9pNefKOTNVIziQlOoRhUCt70d7vO7J0LPsBd2s1FL6Qw33Fr6iWgP%2ByP%2FmqL4HIgagmde0Zb2Wxx6qA50cfHmu"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Tue, 10 Dec 2024 06:19:45 GMT
x-hubspot-correlation-id: a590aeef-59a9-4469-9184-cc7fbad71f6c
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-wf92v
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8efb2006ff48d9fd-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cropped-Cyble-Black-Logo-1-2127859258-1637602085949.png
cyble.com/wp-content/uploads/2021/11/ 31 KB
31 KB 55ms
54ms Other
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/2021/11/cropped-Cyble-Black-Logo-1-2127859258-1637602085949.png

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

46be445d1e73f0f772f143ba2831302283ea44854d338b47d8dc5a9d69b4d2a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "619bd339-7c89"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 13:09:13 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 31881
date: Tue, 10 Dec 2024 06:19:45 GMT
x-ac: 3.mia _atomic_dca HIT
content-type: image/png
last-modified: Mon, 22 Nov 2021 17:28:25 GMT
server: nginx

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 149ms
148ms XHR
application/json 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=21289959&utk=d571e097def44b7aea3f284a5c65ba65&__hstc=27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1&__hssc=27441379.1.1733811584985&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fdc89e17ea91330ba948977363f71b47c5bd7bdb0be381818b9851abc56c271

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: f6759436-de3e-420d-abce-1ed59af9348b
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NzLXX8sw2PJRq9CqV52i1MaXGckJ6vqrg2RJTgRUrVzORCUEZkUVVo563eU046blEW%2BstITVbMkhghaq9zXQkWdj4zeLUfQUz0YUwAVjEaVLofV4AG7UExRNhauRdgQM7qi7"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Tue, 10 Dec 2024 06:19:45 GMT
x-hubspot-correlation-id: f6759436-de3e-420d-abce-1ed59af9348b
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-wwjgh
x-envoy-upstream-service-time: 17
access-control-allow-credentials: false
cf-ray: 8efb20068d3e31d2-MIA
access-control-allow-origin: https://cyble.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cropped-Cyble-Black-Logo-1-2127859258-1637602085949.png
i0.wp.com/cyble.com/wp-content/uploads/2021/11/ 682 B
1 KB 41ms
41ms Other
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2021/11/cropped-Cyble-Black-Logo-1-2127859258-1637602085949.png?fit=32%2C32&ssl=1

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

666ce27930995b7f32000d6d54aa91af08ff3533f24ca54483d75b6090da352f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "04f728cb7ca442a4"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Fri, 27 Nov 2026 19:17:37 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:45 GMT
content-type: image/webp
last-modified: Wed, 27 Nov 2024 07:17:37 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2021/11/cropped-Cyble-Black-Logo-1-2127859258-1637602085949.png>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT mia 1
access-control-allow-origin: *
content-length: 682
server: nginx

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 150 B
570 B 161ms
161ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 75bcb86832f42b4942244d252ed90ca846116541c76a3d848c21563ccdcbf14d

Request headers

Authorization: Bearer 07c397b8751687386690
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
visited_url: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"96-eiSPBGkRy/U4nEyyDVZDsJHuDhE"
apigw-requestid: Cj-MRhqPvHcES-w=
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: jO-TDdYH2XpcNnqqSN-r3iw8FCa1gemcisuIXL7yykzX7ORr6H4nlg==
date: Tue, 10 Dec 2024 06:19:45 GMT
content-type: application/json; charset=utf-8
vary: Origin
priority: u=1,i
server-timing: cfExtPri
via: 1.1 3ae8c5f889b20c56a64e96d3ba90901a.cloudfront.net (CloudFront)
cf-ray: 8efb20083c7a4976-MIA
access-control-allow-origin: https://cyble.com
x-amz-cf-pop: MIA50-P1
x-powered-by: Express
server: cloudflare

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 175ms
142ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://cyble.com
alt-svc: h3=":443"; ma=86400
apigw-requestid: Cj-MQi7PPHcESfg=
cf-cache-status: DYNAMIC
cf-ray: 8efb20075be24976-MIA
date: Tue, 10 Dec 2024 06:19:45 GMT
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
vary: Origin
via: 1.1 bcfc22520736fcba6debaf20e4dfed64.cloudfront.net (CloudFront)
x-amz-cf-id: Kjep27O-2p5bAz95upnqg1gf827-vRxjnxXKxvwxOjJGbkL03BjneQ==
x-amz-cf-pop: MIA50-P1
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 a92e7b49b8bb1724659993-1200x300-1.webp
a.omappapi.com/users/b584497dcf5c/images/ 31 KB
32 KB 60ms
60ms Image
image/webp 37.19.207.34
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.omappapi.com/users/b584497dcf5c/images/a92e7b49b8bb1724659993-1200x300-1.webp?width=900
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: cf37c05fbc57b2215d1d3cf68364b3b49f006e891f8ae4d8f5b355c06a3fbde0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
etag: "66cc392f-7bd6"
cdn-fileserver: 749
date: Tue, 10 Dec 2024 06:19:45 GMT
cdn-storageserver: NY-427
content-type: image/webp
last-modified: Mon, 26 Aug 2024 08:13:35 GMT
cdn-cachedat: 11/06/2024 18:47:25
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 8f7f177177d699fa3aa99fa0f283a4dd
cdn-pullzone: 293267
cdn-proxyver: 1.06
accept-ranges: bytes
access-control-allow-origin: *
content-length: 31702
cdn-edgestorageid: 925
server: BunnyCDN-ASB1-925
cdn-requestcountrycode: US

GET
H3 200 / Show response
ws.zoominfo.com/pixel/661fab59248769d6d204b1b3/ 5 KB
3 KB 158ms
125ms Fetch
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/661fab59248769d6d204b1b3/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

38cdd5707960016894826480e1d4720f43c1541306e4db18a7dba62319f5e2ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

_zitok: 04e25c60c7398d9fca6f1733811585
_vtok: MzcuMjIxLjExMi4yMDE=
visited-url: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 10 Dec 2024 06:19:45 GMT
content-type: text/javascript
vary: Accept-Encoding
priority: u=1,i
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8efb200a4f026dc2-MIA
access-control-allow-origin: https://cyble.com
x-powered-by: Express
server: cloudflare

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/661fab59248769d6d204b1b3/ Frame 0
0 125ms
83ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/661fab59248769d6d204b1b3/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://cyble.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8efb20098b4bed34-MIA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 10 Dec 2024 06:19:45 GMT
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
BLOB 200
OK 8b96f5b3-a484-402c-b7d2-a705131a7b66 Show response
https://cyble.com/ 5 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://cyble.com/8b96f5b3-a484-402c-b7d2-a705131a7b66
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 38cdd5707960016894826480e1d4720f43c1541306e4db18a7dba62319f5e2ec

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: text/javascript
Content-Length: 4860

GET
H2 200 data.js Show response
tags.clickagy.com/ 36 KB
14 KB 1287ms
198ms Script
text/javascript 3.171.85.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95

Requested by

Host: cyble.com
URL: blob:https://cyble.com/8b96f5b3-a484-402c-b7d2-a705131a7b66

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.171.85.60 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-171-85-60.iad89.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

429e6cab64539f15ca1c33984a782a42b43c0f02dba4cc4009f322f89fac9492

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
etag: W/"2ac14c18b84a1d8b7e645922aeff9e5b"
x-amz-version-id: IA_xxjAGlNIXOVlzxUwJZwRAUV0GLAv1
age: 37088
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: r5bjpXCXk881JtCMVsXl3vejJND7UO-pWPVHWs8jeMSR3lNYzF-7wg==
date: Mon, 09 Dec 2024 20:01:39 GMT
content-type: text/javascript
vary: accept-encoding, Origin
last-modified: Tue, 01 Oct 2024 15:11:36 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
referrer-policy: strict-origin-when-cross-origin
via: 1.1 dc22f89cb836e869a2f4d49f51e9032c.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: IAD89-P3
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 15 KB
6 KB 315ms
117ms Script
application/javascript 3.167.72.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: cyble.com
URL: blob:https://cyble.com/8b96f5b3-a484-402c-b7d2-a705131a7b66
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.167.72.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-167-72-96.iad61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bb19cc9bb9e4e0f0237ee1f0c213487452c77e6f9fa6fa9edcb87f4de9f0c21a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Transfer-Encoding: chunked
Vary: accept-encoding
Content-Encoding: gzip
ETag: W/"dd635a85604f92ec6b3a600d010dd4e3"
Age: 9103
Connection: keep-alive
Via: 1.1 0f62e17ec3952402c8100312889f271c.cloudfront.net (CloudFront)
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: g9ggH2G4ZNoxaLVHkWJDix3fy47h9AhbwPi3L9JlSCGOc9u_ti7CWw==
Date: Tue, 10 Dec 2024 03:48:04 GMT
Content-Type: application/javascript
Last-Modified: Mon, 09 Dec 2024 03:47:21 GMT
Server: AmazonS3
X-Amz-Cf-Pop: IAD61-P6
x-amz-server-side-encryption: AES256

GET
H2 200 up
insight.adsrvr.org/track/ Frame 8B5B 0
0 279ms
130ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=ixkqho4&ref=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&upid=x1swie6&upv=1.1.0&paapi=1&gdpr=0&gdpr_consent=undefined
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html
date: Tue, 10 Dec 2024 06:19:46 GMT
server: Kestrel
vary: Accept-Encoding

POST
H/1.1 204
No Content collect Show response
k.clarity.ms/ 0
273 B 85ms
81ms XHR
text/plain 172.175.38.6
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.56/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 172.175.38.6 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Request-Context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 10 Dec 2024 06:19:46 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

POST
H2 200 data Show response
aorta.clickagy.com/ 47 B
715 B 283ms
115ms XHR
application/json 34.237.251.14
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aorta.clickagy.com/data
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.237.251.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-237-251-14.compute-1.amazonaws.com
Software: Aorta/20241115.084e84610 /
Resource Hash: 160a942a5dc77e91288eb749abe7be9395d3cd0db26016863d101911789ac555

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
expect: 0
content-encoding: gzip
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: a3ca38353185
access-control-allow-origin: https://cyble.com
content-length: 72
date: Tue, 10 Dec 2024 06:19:47 GMT
content-type: application/json
server: Aorta/20241115.084e84610
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H3

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag&ws=1
https://idsync.rlcdn.com/420246.gif?partner_uid=Z1fdg5ssjfEn7Zqvx9duM0OP
https://aorta.clickagy.com/pixel.gif?ch=114&cm=2e16fe1be0f1fbc37316c9ffe7913813edb3df5af1af6f9b8b7c27a355cb98fa25abae5358c0e7bc
https://dpm.demdex.net/ibs:dpid=79908&dpuuid=Z1fdg2sVN0iWkP7kUXr9_o7Q&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D124%26cm%3D%24%7BDD_UUID%7D
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=79908&dpuuid=Z1fdg2sVN0iWkP7kUXr9_o7Q&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D124%26cm%3D%24%7BDD_UUID%7D
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=124&cm=78748116474472235332090924422301775190
https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%25...
https://aorta.clickagy.com/pixel.gif?ch=4&cm=79d4eff2-5262-41cf-a67f-db3cb2ae8353&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537073026%26val%3D%7Bvisitor_id%7D
https://us-u.openx.net/w/1.0/sd?id=537073026&val=Z1fdg2sVN0iWkP7kUXr9_o7Q

43 B
61 B

45ms
45ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073026&val=Z1fdg2sVN0iWkP7kUXr9_o7Q
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
x-forwarded-for: 37.221.112.201
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 10 Dec 2024 06:19:47 GMT
content-type: image/gif
vary: Accept

Redirect headers

access-control-max-age: 31536000
access-control-expose-headers: Set-Cookie
location: https://us-u.openx.net/w/1.0/sd?id=537073026&val=Z1fdg2sVN0iWkP7kUXr9_o7Q
expect: 0
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
access-control-allow-methods: POST, GET, OPTIONS
x-aorta-host: 79444dce3bc6
access-control-allow-origin: *
content-length: 0
date: Tue, 10 Dec 2024 06:19:48 GMT
content-type: text/plain
server: Aorta/20241115.084e84610
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction

GET
H2 200 hasHashes Show response
hemsync.clickagy.com/external/ 2 B
322 B 332ms
124ms XHR
text/plain 3.222.211.52
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hemsync.clickagy.com/external/hasHashes?clkgypv=jstag&cb=null
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.222.211.52 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-222-211-52.compute-1.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

access-control-expose-headers: content-length, last-modified, expires, content-type
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://cyble.com
content-length: 28
date: Tue, 10 Dec 2024 06:19:47 GMT
content-type: text/plain; charset=utf-8
vary: origin

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 68ms
68ms Fetch
text/plain 172.253.122.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-4FJGSRPM4S&gtm=45je4c90v885439329z8868834701za200&_p=1733811582064&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&cid=446767075.1733811582&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAC&_s=3&sid=1733811582&sct=1&seg=1&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&en=page_view&_et=205&tfd=9837
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.253.122.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bh-in-f101.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cyble.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 06:19:47 GMT
content-type: text/plain
server: Golfe2

GET
H2 204 boom.gif
pixel.wp.com/ 0
105 B 32ms
30ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.012&largest_contentful_paint=4833&batcache_hit=0&provider=wordpress.com&service=atomic&custom_properties=%7B%22woo_active%22%3A%220%22%7D&effective_connection_type=4g&rtt=100&downlink=10000&host_name=cyble.com&url_path=%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&nt_fetchStart=0&nt_domainLookupStart=1&nt_domainLookupEnd=44&nt_connectStart=45&nt_connectEnd=138&nt_secureConnectionStart=73&nt_requestStart=139&nt_responseStart=3429&nt_responseEnd=3545&nt_domLoading=3440&nt_domInteractive=5598&nt_domContentLoadedEventStart=5599&nt_domContentLoadedEventEnd=5660&nt_domComplete=7054&nt_loadEventStart=7054&nt_loadEventEnd=7070&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=4627&first_contentful_paint=4627&resource_size=3908966&resource_transferred=1873031&resource_cache_percent=0&js_size=992547&js_transferred=301400&js_cache_percent=0&blocking_size=1660238&blocking_transferred=238962&blocking_cache_percent=0&last_resource_end=8154
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

access-control-allow-origin: *
cache-control: no-cache
alt-svc: h3=":443"; ma=86400
date: Tue, 10 Dec 2024 06:19:48 GMT
server: nginx

POST
H/1.1 204
No Content collect Show response
k.clarity.ms/ 0
273 B 118ms
116ms XHR
text/plain 172.175.38.6
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://k.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.56/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 172.175.38.6 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Request-Context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 10 Dec 2024 06:19:50 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cyble.com
URL: blob:https://cyble.com/c942a6a7-f2e4-41fb-b0ba-10f3a689e351

Domain: www.linkedin.com
URL: https://www.linkedin.com/pages-extensions/FollowCompany?id=14707748&counter=&xdOrigin=https%3A%2F%2Fcyble.com&xdChannel=e1b41b13-3e91-46c3-93f6-242ba8b96d2c&xd_origin_host=https%3A%2F%2Fcyble.com

Verdicts & Comments Add Verdict or Comment

261 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

100 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hsforms.net/	1970-01-21 01:36:53	Name: __cf_bm Value: Uussz5DQFOsiz44yywEB7oqZKvU6bL1_cDdGydm4Agc-1733811582-1.0.1.1-6Xwie_oYPO6bWsbl.mAyL74y_wkw5SXfBz6uIppC.De3fhJlNH9KwRgEkH7m8nX__sp_BiZwui1BdTxlwxfAdQ
.onesignal.com/	1970-01-21 01:36:53	Name: __cf_bm Value: l7_n2bAwHmfxtm_ro_x2i1Zd5SGTpr5swgV0ry8VElQ-1733811582-1.0.1.1-1m2u_kNxD6UPLkSW5fPMU3.yNJAmS4NtiqY6DszKwcvFVDp1uye41hTwFG9G.6qOutz4tAGWeICuHdOpNkk.xA
.apollo.io/	1970-01-21 01:36:53	Name: __cf_bm Value: f2nG4ii_m1tBvGDXJKY8JF8JXS1HFq.d.Evu3FOC6iE-1733811582-1.0.1.1-l3.81XusRWlC94mf9mfwaf5z0V5tv56CqwwFX8A6mhRYymBrQrVjoJQ3h9p47CcVUWgzXufhkMp_Xcy3Fukg2A
www.g2.com/	1970-01-21 01:46:56	Name: AWSALBCORS Value: xt8/G+jrbOXseLF16nEf0T2dfIhOHD/qC0Io4eTZWlG9SThQEG7Ch7Gfp6flB7wk59eom2CAsiDg6ZCOXGrsWdJZFb0TUUpW11Vb5RILLyk7wQnAvx9FF7xFUhQ7
www.g2.com/	1969-12-31 23:59:59	Name: events_distinct_id Value: d206bf98-1a94-424e-9a2d-c21e7bba1ac6
www.g2.com/	1970-01-21 01:36:53	Name: amplitude_session Value: 1733811582455
.g2.com/	1969-12-31 23:59:59	Name: _g2_session_id Value: 1d6b8cbc0150f5f639a4b92f10a404bc
.g2.com/	1970-01-21 01:36:53	Name: __cf_bm Value: lxVgsgWZA4eKt9DDepa.JmZhlssCYUBD.wgr.KfGRfQ-1733811582-1.0.1.1-RtZGOTPfEXHczISKZJAGa1sU8EPphOrvCoiHCHYOfeT1.ecjkXfAp_jJZT_Jvj2AOGwO3N7svf3s8eMrSM46ug
.cyble.com/	1970-01-21 03:46:27	Name: _gcl_au Value: 1.1.2032196222.1733811583
cyble.com/	1969-12-31 23:59:59	Name: nitroCachedPage Value: 0
.cyble.com/	1970-01-21 11:12:51	Name: _ga_4FJGSRPM4S Value: GS1.1.1733811582.1.1.1733811582.0.0.0
.g2crowd.com/	1970-01-21 01:36:53	Name: __cf_bm Value: 9nS_UjLqbzM9dE8mveRX8d.Sj5zhX7flDRUL0PKGKek-1733811582-1.0.1.1-w.46DPrHW7WVMxMWVtas5bJKwYQFRCDBqAZ.Eb58ETUF0hmZBOBhVjW_PJCz70ztigfQi4Yh56PhDr74mv34eA
.cyble.com/	1970-01-21 01:38:17	Name: _gid Value: GA1.2.277221608.1733811583
.cyble.com/	1970-01-21 01:36:51	Name: _gat_UA-201575643-1 Value: 1
.cyble.com/	1970-01-21 11:12:51	Name: _ga_361856552 Value: GS1.1.1733811582.1.0.1733811582.0.0.0
.cyble.com/	1970-01-21 11:12:51	Name: _ga Value: GA1.1.446767075.1733811582
www.clarity.ms/	1970-01-21 10:22:27	Name: CLID Value: e2bc6e9f3e73479b9100a3368b94edb2.20241210.20251210
.cyble.com/	1970-01-21 11:12:51	Name: _ga_N9ZXY95EM4 Value: GS1.1.1733811583.1.0.1733811583.0.0.0
.cyble.com/	1970-01-21 03:46:27	Name: _rdt_uuid Value: 1733811583060.91dc37d5-7079-4900-88aa-ac5ab65c46b0
cyble.com/	1970-01-21 11:12:51	Name: _omappvp Value: COk4WC7EUnwS3DLMgUIwxNCufB4YaoYzdb85rssNXxbkW94D7VgpCajH7DXpnmlGvYZBIDGxFxzCs1zyH5dTRaENQdH8ix4v
cyble.com/	1970-01-21 01:36:52	Name: _omappvs Value: 1733811583319
.d.adroll.com/	1970-01-21 11:05:39	Name: receive-cookie-deprecation Value: 1
.adroll.com/	1970-01-21 11:05:39	Name: receive-cookie-deprecation Value: 1
.cyble.com/	1970-01-21 03:46:27	Name: _fbp Value: fb.1.1733811583439.22591796587335071
.cyble.com/	1970-01-21 10:22:49	Name: __adroll_fpc Value: ea8906f732f21dd124575f2853110a91-1733811583501
.cyble.com/	1970-01-21 10:22:27	Name: __ar_v4 Value: %7CELNAF2EZDFHJRAP3ODLCUU%3A20250009%3A1%7C3BMTZYG7A5BPDP54WUQHR4%3A20250009%3A1
.cyble.com/	1970-01-21 10:22:27	Name: _clck Value: 17w98pu%7C2%7Cfrl%7C0%7C1805
.linkedin.com/	1970-01-21 03:46:27	Name: li_sugr Value: c59e2736-7bb9-49cd-be15-f333219a961d
.casalemedia.com/	1970-01-21 10:22:27	Name: CMID Value: Z1fdf8AoJHgAAF-TBBZNgQAA
.casalemedia.com/	1970-01-21 03:46:27	Name: CMPS Value: 1566
.casalemedia.com/	1970-01-21 03:46:27	Name: CMPRO Value: 1566
.linkedin.com/	1970-01-21 01:38:17	Name: lidc Value: "b=OGST08:s=O:r=O:a=O:p=O:g=3061:u=1:x=1:i=1733811583:t=1733897983:v=2:sig=AQH5iGTcmyG_70szBZ3yQR2URKLynlv9"
.openx.net/	1970-01-21 10:22:27	Name: i Value: b5f6e44e-a99f-4276-8a3c-889532bbbe9f\|1733811583
.tapad.com/	1970-01-21 03:03:15	Name: TapAd_TS Value: 1733811583783
.tapad.com/	1970-01-21 03:03:15	Name: TapAd_DID Value: fec3219e-2b65-4b30-9854-f3e517d84284
.linkedin.com/	1970-01-21 02:20:03	Name: UserMatchHistory Value: AQI98eOKw8dl1gAAAZOvOTtnrU5Avo6Hwt3IPyVYkqYWNxoG_Vp1UvGwILZuR2KRYxnv91MNzVqsQQ
.linkedin.com/	1970-01-21 02:20:03	Name: AnalyticsSyncHistory Value: AQL7xvt6qiGEYAAAAZOvOTtnViVQf9Z4_CW_iS-RtXqSGdMrsTWGXqBVUzVn-jNwCzQSqpLv6L02_ToxElPxTg
.3lift.com/	1970-01-21 03:46:27	Name: tluidp Value: 3970750413391554579106
.3lift.com/	1970-01-21 03:46:27	Name: tluid Value: 3970750413391554579106
.rubiconproject.com/	1970-01-21 10:22:27	Name: khaos Value: M4I2NG5X-F-1N4S
.rubiconproject.com/	1970-01-21 10:22:27	Name: khaos_p Value: M4I2NG5X-F-1N4S
.rubiconproject.com/	1970-01-21 03:46:27	Name: receive-cookie-deprecation Value: 1
.doubleclick.net/	1970-01-21 11:12:51	Name: IDE Value: AHWqTUlb6yYI15r6BA8bLR3n_3NImUfUnPv6zHmfAhpDaW2ugstCs-R6pRfDQ_l61mo
.adnxs.com/	1970-01-21 03:46:27	Name: XANDR_PANID Value: lP2sByP0DFXW2058r32J1hjjZ8OGAyhN_PVud-2KlKkhHHhCW3LQV7UOg5lUNumpXP38ucbqdYqCaKhywU-X9Azr6kawaEXpZIzjiJfbaO8.
.adnxs.com/	1970-01-21 11:12:51	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 03:46:27	Name: uuid2 Value: 2336043701586912051
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-21 10:22:27	Name: bcookie Value: "v=2&aa11b0d0-37c0-4b85-8ae8-c7dbce607a93"
.pubmatic.com/	1970-01-21 03:46:27	Name: KRTBCOOKIE_10 Value: 22808-MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&KRTB&22883-MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&KRTB&23504-MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg&KRTB&23615-MmVjZTU0MjNhYzQwNTY3NTY2YTc3YmY0M2Y5NDBhODg
.pubmatic.com/	1970-01-21 02:20:03	Name: PugT Value: 1733811583
x.adroll.com/	1969-12-31 23:59:59	Name: ar_debug Value: 1
.hsforms.com/	1970-01-21 01:36:53	Name: __cf_bm Value: vfygd0dvFmugz0t6ucfuSg_kldJm5uyVCQH1PDHysDg-1733811584-1.0.1.1-ICffEpVYwwBKX1pXMGxdjCy2WEjKtWMJjlkdrBB.cRg6MzyXJXd35YkHx1fmhoydLT_7DsmJrTKefNcDSv03tA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: tFN2kr10HvIHHjK83ITkmpQIxJ2k0XrickUEln2z3qk-1733811584003-0.0.1.1-604800000
.taboola.com/	1970-01-21 10:22:27	Name: t_gid Value: abe28760-8375-4525-bdce-86e93c775f08-tucte5162ff
.taboola.com/	1970-01-21 10:22:27	Name: t_pt_gid Value: abe28760-8375-4525-bdce-86e93c775f08-tucte5162ff
.d.adroll.com/	1970-01-21 11:05:39	Name: __adroll Value: 2ece5423ac40567566a77bf43f940a88-g_1733811583-a_1733811583
.adroll.com/	1970-01-21 11:05:39	Name: __adroll_shared Value: 2ece5423ac40567566a77bf43f940a88-g_1733811583-a_1733811583
.adsrvr.org/	1970-01-21 10:22:27	Name: TDID Value: 45ba5829-bb14-429e-908b-0eebe8d8e1e2
.cyble.com/	1970-01-21 01:38:17	Name: _clsk Value: 4k2nqm%7C1733811584136%7C1%7C1%7Ck.clarity.ms%2Fcollect
.tapad.com/	1970-01-21 03:03:15	Name: TapAd_3WAY_SYNCS Value: 1!8286
.pippio.com/	1970-01-21 10:22:27	Name: did Value: GjvbH6KsJIxJD9rY
.pippio.com/	1970-01-21 10:22:27	Name: didts Value: 1733811584
.pippio.com/	1970-01-21 03:03:15	Name: nnls Value:
.pippio.com/	1970-01-21 03:03:15	Name: pxrc Value: CIC737oGEgYIgr0rEAA=
.www.linkedin.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: ajax:4543556513401260538
.www.linkedin.com/	1970-01-21 10:22:27	Name: bscookie Value: "v=1&20241210061943d63c7b03-8909-419e-8563-356e2c83b4bfAQEPjKh7pLhd8HeKnnY8TjpvbUWalphM"
.adnxs.com/	1970-01-21 03:46:27	Name: anj Value: dTM7k!M4/rD>6NRF']wIg2HbxH?WH=!@wnfH1Ya.O4]7Q=E?Ff24[4vjE.$i30igT^mYq[iQVj#/#'RU/FKAM$XAIwIToNw-DdW+Oy$veCwH7cd#A^e+.<Q!$ZG*FAJ<
.cyble.com/	1970-01-21 10:22:27	Name: cb_user_id Value: null
.cyble.com/	1970-01-21 10:22:27	Name: cb_group_id Value: null
.cyble.com/	1970-01-21 10:22:27	Name: cb_anonymous_id Value: %227cfdc10e-e3e0-4bb2-9f48-29cad880cd37%22
.cyble.com/	1970-01-21 05:56:03	Name: __hstc Value: 27441379.d571e097def44b7aea3f284a5c65ba65.1733811584985.1733811584985.1733811584985.1
.cyble.com/	1970-01-21 05:56:03	Name: hubspotutk Value: d571e097def44b7aea3f284a5c65ba65
.cyble.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cyble.com/	1970-01-21 01:36:53	Name: __hssc Value: 27441379.1.1733811584985
.cyble.com/	1970-01-21 05:56:03	Name: messagesUtk Value: 7f3850de164a47c192e427a69ebce9ca
.hubspot.com/	1970-01-21 01:36:53	Name: __cf_bm Value: 5R9YPm1Cs.qTj0SPbawlaIGyi10EVWIGbhXRUjBUpmc-1733811585-1.0.1.1-KLVhN0D0T1sRUvD6ChbH_GOLDxJCJGnfnLFUKdqvs5EnHwCpgufYb7ikxlUUQxwnGgZZfVgq3qACOZD3_J.1Zw
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: ozf_3QTa2jEiHeEE1b1VSDD2RTwgcNMK4QeCJflSYGE-1733811585141-0.0.1.1-604800000
cyble.com/	1970-01-21 02:20:03	Name: omSeen-hrmi1wlyf5zkw7jqsfln Value: 1733811585197
.labs.cyble.com/	1970-01-21 01:36:53	Name: __cf_bm Value: qVrYeb0rYtx7gaVlWsV__ZWSkLUSqctb2rdNwqql8pY-1733811585-1.0.1.1-MojAD84cxuGnws0euLHUm4Udf38h83xp4SkhEyAwF__BWHUBezwky85f6.O2zF6gjyw_A891cVXBnAAjjaZGgQ
.labs.cyble.com/	1969-12-31 23:59:59	Name: _cfuvid Value: VXJhLu6pRbYqiJ_p5t._D6kOuLnG2Q8srrq0LrCPHbc-1733811585242-0.0.1.1-604800000
cyble.com/	1970-01-21 02:20:03	Name: omSeen-wlravxmwms40sunr2q0v Value: 1733811585310
.cyble.com/	1970-01-21 10:22:27	Name: _zitok Value: 04e25c60c7398d9fca6f1733811585
.zoominfo.com/	1970-01-21 01:36:53	Name: __cf_bm Value: v0g8zMTC.UAE5gqjb1YOivjYgvGf1ZK9w1BXNR58oJw-1733811585-1.0.1.1-xJRkJ8a1mMNVzRUCimxvaHC5UPHfWl1bf5LutfQCUx1.KHcGbigxcJTV.Oe1_6hSrXUIE8sfrigKVep1AtL0Aw
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: YffVX2hvoCDJVgY8t4o.BuOXknpy_ihD9fXovcoQaIY-1733811585727-0.0.1.1-604800000
.bing.com/	1970-01-21 10:58:27	Name: MUID Value: 384684346E6A689F24C591656F7669A7
.c.bing.com/	1970-01-21 01:46:56	Name: MR Value: 0
.c.bing.com/	1970-01-21 10:58:27	Name: SRM_B Value: 384684346E6A689F24C591656F7669A7
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 10:58:27	Name: MUID Value: 384684346E6A689F24C591656F7669A7
.c.clarity.ms/	1970-01-21 01:46:56	Name: MR Value: 0
.c.clarity.ms/	1970-01-21 01:36:52	Name: ANONCHK Value: 0
.rubiconproject.com/	1970-01-21 10:22:27	Name: audit_p Value: 1\|GOXuVIVGhnc4bZWzsoucrPwaJYsTdkaLRBxtKz6WDxkJgrx32vgqHtmF34/TpJCnN6DRmPpkOoNw0S94mtzOH6X03m07ywdlM/uPx/DKN36F0ezT+gSShzIFpOWtpo0Hb2aAuu8cZyuRTvD3rR+4hmFgB1Mlcu5WEzng/6OCuurdsXhQEMUf0D+sFLB/WmBAiyTz+DOnHeDc6UO785F0Pw==
.rubiconproject.com/	1970-01-21 10:22:27	Name: audit Value: 1\|GOXuVIVGhnc4bZWzsoucrPwaJYsTdkaLRBxtKz6WDxkJgrx32vgqHtmF34/TpJCnN6DRmPpkOoNw0S94mtzOH6X03m07ywdlM/uPx/DKN36F0ezT+gSShzIFpOWtpo0Hb2aAuu8cZyuRTvD3rR+4hmFgB1Mlcu5WEzng/6OCuurdsXhQEMUf0D+sFLB/WmBAiyTz+DOnHeDc6UO785F0Pw==
.adsrvr.org/	1970-01-21 10:22:27	Name: TDCPM Value: CAESFAoFdGFwYWQSCwiO5_m8lbvMPRAFEhcKCGFwcG5leHVzEgsIyIeW0ZW7zD0QBRIVCgZnb29nbGUSCwja0qLYlbvMPRAFEhYKB3J1Ymljb24SCwi2y5bRlbvMPRAFGAUgASgDMgsI_NuY_qu7zD0QBUIPIg0IARIJCgV0aWVyMxABWgdpeGtxaG80YAE.
.clickagy.com/	1970-01-21 11:12:51	Name: cb Value: Z1fdg2sVN0iWkP7kUXr9_o7Q
.rlcdn.com/	1970-01-21 10:22:27	Name: rlas3 Value: xY45y9iiO+qGr28qonBzYNXLf+CsfQkLJAUJKDOJpqA=
.rlcdn.com/	1970-01-21 03:03:15	Name: pxrc Value: CP+637oGEgUI6AcQABIFCOhHEAASBgj/6gEQBA==
.demdex.net/	1970-01-21 05:56:03	Name: demdex Value: 78748116474472235332090924422301775190
.dpm.demdex.net/	1970-01-21 05:56:03	Name: dpm Value: 78748116474472235332090924422301775190
aorta.clickagy.com/	1970-01-21 11:12:51	Name: chs Value: [{"ch":"278","t":"2024-12-10 06:19:47"},{"ch":"114","t":"2024-12-10 06:19:47"},{"ch":"124","t":"2024-12-10 06:19:47"},{"ch":"4","t":"2024-12-10 06:19:48"}]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
alb.reddit.com
aorta.clickagy.com
api.hubapi.com
api.hubspot.com
api.omappapi.com
aplo-evnt.com
app.clearbit.com
app.hubspot.com
assets.apollo.io
c.bing.com
c.clarity.ms
c0.wp.com
cdn.onesignal.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
cta-service-cms2.hubspot.com
cyble.com
d.adroll.com
dpm.demdex.net
dsum-sec.casalemedia.com
eb2.3lift.com
fonts-api.wp.com
fonts.googleapis.com
fonts.gstatic.com
fonts.wp.com
forms.hubspot.com
googleads.g.doubleclick.net
hemsync.clickagy.com
i0.wp.com
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
img.onesignal.com
insight.adsrvr.org
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
js.zi-scripts.com
k.clarity.ms
match.adsrvr.org
nitroscripts.com
onesignal.com
perf-na1.hsforms.com
pippio.com
pixel-config.reddit.com
pixel.rubiconproject.com
pixel.tapad.com
pixel.wp.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
s.adroll.com
s.w.org
s0.wp.com
snap.licdn.com
stats.wp.com
sync.outbrain.com
sync.taboola.com
syndication.twitter.com
tag.clearbitscripts.com
tags.clickagy.com
td.doubleclick.net
to.getnitropack.com
track.hubspot.com
tracking.g2crowd.com
unpkg.co
unpkg.com
us-u.openx.net
videos.files.wordpress.com
w.soundcloud.com
ws.zoominfo.com
www.clarity.ms
www.facebook.com
www.g2.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
x.adroll.com
x.bidswitch.net
x.clearbitjs.com
cyble.com
www.linkedin.com
104.16.117.116
104.16.117.43
104.16.118.116
104.16.139.209
104.16.186.41
104.16.77.142
104.17.111.223
104.17.128.172
104.17.175.201
104.17.247.203
104.17.25.14
104.18.141.17
104.18.142.119
104.18.2.9
104.18.243.108
104.18.27.193
104.18.30.176
104.18.39.246
104.19.175.188
104.20.39.213
104.21.86.248
104.244.42.200
107.178.254.65
108.138.85.113
13.107.21.237
13.107.253.40
13.107.42.14
141.226.124.48
142.251.16.156
142.251.16.157
142.251.16.94
142.251.163.105
142.251.163.155
142.251.179.95
146.75.28.157
151.101.129.140
151.101.193.140
157.240.229.1
172.175.38.6
172.253.122.101
172.253.63.97
172.64.147.16
172.64.150.44
172.64.154.248
174.129.215.41
18.209.182.48
192.0.72.2
192.0.76.3
192.0.77.2
192.0.77.32
192.0.77.37
192.0.77.48
192.0.78.231
20.110.205.119
207.65.37.184
23.218.218.161
23.218.218.181
3.162.103.91
3.167.72.96
3.167.99.33
3.171.85.60
3.222.211.52
3.33.220.150
31.13.66.35
34.107.133.146
34.111.113.62
34.237.251.14
35.211.202.130
35.244.154.8
35.244.159.8
37.19.207.34
44.223.154.245
50.16.70.197
52.204.243.204
52.223.22.214
68.67.161.182
69.173.146.5
70.42.32.159
0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0
0233a6911a317d7de430575bd9db2776c25cc9131abd9e280bb065fff1818443
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
029dedf319bc4536d9c663ae9c0b10c95d1e9f5dd1de0aa73172e9e89ae254cc
02a661490aa341e4e0abb139d22f9dfaf7de3206329a4d22acacd96cd46351c3
02ae6101096a037cafe3c0bb64a0cb7faf1d617bf6afe35b3405f02f03096b42
061918d0a4f95724e73ed3469513a4cf4bc92a27e768eadf4fd0c48e307e0dcd
068d01d2f5a618b2dbc3828da4bb6217feb4e7742c1ddb926473a2968d9917e7
071277a837bd15a2c626377ff352570603ae3edc5e279a1af896514f3737f535
085f1c63aab752f05fb97467a71718350db0c975cef72e035fac1077ea68abbd
08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c
09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27
0a0b85f55ebb7086cee0971885ce7e6ffea8e46b1cef521394122362102518c7
0bcbd82d69f75075c7e7897cb6c92c62dbe4430008ecdfcf56bdbc131488982f
0c18a7096d8615e2b30d7fbaccb64fe00b6cffccf671c3c4ca53244640722202
0cd088147551ecae9b1e29c2ac532c56bb99132973e1310f4911d7fa31997a12
0d5b75c856840e6416a09983363ebc6fccf18c130675a5034ff8094e9bdbb0da
0eb0fd9517c69d0c495a9ae4dde49828daf40cb663580cbfb8065ca72e9d01fc
0f2ca337e8e1a04cd619e8fbff4b26cd81a5aef5b593462c250110bb68ba9a29
0fdc89e17ea91330ba948977363f71b47c5bd7bdb0be381818b9851abc56c271
1030dee6b293cd2f1331f5355130a5db48929f961ba7409a4d4ce83c73caefdd
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35
104a8d629d83b0015aceaccb0ccff6178efeff33c99a132a148728f800431b93
104b75765fb6123a6d82c82d0bdcdca35d2f6231af61de21f42bdb83c805760b
116f7f1694a68142058c98492da5867364419dc5eb682c8c12a14b70a9377ba0
140eedc23b5929c1bb8a74d021936779b48156ccb5445431659d656f8aa104cd
160a942a5dc77e91288eb749abe7be9395d3cd0db26016863d101911789ac555
1720f9f3ba818b6997a7a09443b08b846186066911e58f8c47f793bd811912d3
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1c9c85d0b73b7321eb8ed22e0b6bcd577478dd5f99d1379a5d4cea10884033ac
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1ea5e766d95ee942603344bf1f686d56407a91d9c49f52b8639e47dd9feadb3c
2039d204f18247df88a0f132f35fe67f9e52ee7268515ead1647c611f737ba07
21ca401cbbde35042f019c98838ddf7fcb692d34804d581212588e41c62a1152
21ef5e6434bc507bbf24bd0294c53dc7e561bdd0c991b45d90be45cbbde72978
222671695c39932625f7de419d583857d59db5e23a07c46f0b4df9c4cecdea42
252ff47bdded7295123a3a968787365824d86c1039686f0153ba50e8e5d9ecc8
25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08
270e916e0527855b7fb38a288df78658e646a99a057969e4172506375ae17820
275fb4a7bdeab3c59caff1c0ea88bf1adc9f4cfc377a9bec7b28517d13e2fd37
28033e449a31ebcc396e5be8b13b63152bf03094288fb5867034321927bce087
284b0facae6132d66280225e6562ce6f8442656568dbb12123094de6433022dc
2d425e13cca65eb80ff0254b9087c4dafc545509e33973f304a7240dc3a19af4
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
335232b6561e0fbf8142961ab04844d975fb1f4ba7ea1e0535557897da8ce364
347f04555337c884b83cc6ee9c57ed53f2d9dc61b9a5a7e638dc562d6ef6a4e0
34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68
3570909efe317eb6fcd6de84ddbdbd2ba89238bab48ddeaaeffe433da3319de4
358672523e539e3589b7eb66dceffe2c3534ead1c956c0374092ee1b3d1e65ef
367da9aac7400b92ff2cdde630d4f75a419ac04ccf74d3cf74818d081de92109
38cdd5707960016894826480e1d4720f43c1541306e4db18a7dba62319f5e2ec
39dd4eedf59461aa0bb42f57f4663d3b3224f5efcdf95f7e571e829aae135905
3e3ba4792af8735ee40cacd52ec2061118d721b49a05ada6f8f1ce656f8ba1dc
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
40cb25cf386062cf660429f20aa17b915e9537d688d55743758aff5e9525a38e
4191046282188511e39192189081ce8d7e1788b15e33e3f567c35bfafe70ae0a
426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007
429e6cab64539f15ca1c33984a782a42b43c0f02dba4cc4009f322f89fac9492
43c09afbdac92bfc5756cb574ca7b26aaa96f39f91cacdf48cc51316bcceeb41
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
444ddf787deff39d7f0971825470863a3086ad0a5050c3e62eeb43f054840a4e
44a647ea363f1573ac79f9d249cd3b07c8c026fa6b0a1107c6ca6cbed852b5cf
4603778746bf8372d75ec7350fe3a07572fc909aaee89fc89595fc93c82699f5
46600e0d3986fc826a392eb547f29876bae02fffc6259a5330d6db55adf1393f
46be445d1e73f0f772f143ba2831302283ea44854d338b47d8dc5a9d69b4d2a1
46be8975c077af9ee628b95903df417598a0df10350acb20e678ab3fe9a54f36
488c61b1e9b0b33d58f29ea36304b03b688b2107afebe80a78e2053c81244adc
495fed24d3e9684ea506e6b7128c5ae3f8bb59a053dbf77207cfcaa8f32c0e76
4a8bd33bfe771e0bd46fade45435a9fa2d0c3a8af2409b1f5a74a6b96b03faa9
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4be59303a71dba6e02707efdaf510e858b5a703d09811680dbc3fada6c2111c5
4d4650ca007326deb6524524b7074dd677a0026d75ad55f56df7698a136d9034
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4ff079893cbfe8eebd0d49b7c8bcbeba131173b3e0da0e13210ad611869e0e36
5009a34e30063ffb89185274681b359ae8c7dac19a606d5b1456ee3524cbc9b0
51961b2c0bdbfaa3f8cb21e59d2ae04e029c44edd84d95e8fb4b67ca55e26b8c
5244a8d1d1a28e02eec3247e1ba73bb13319a0cc521c87580d43e46cb67b4bc2
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
52d995270969aed722e4e20184d2d424f0e1afb1040ef2273549bf0ba7c75d07
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54adf4588038aa406ce898380a589e4afb4bd8c3b4d152461e1b4641a7443fba
54e6a6164f69c9bc0c9098f976648a49f31cc5fae95c9484af6853e800965e8b
56bf0f760c2ff663fc46bd5835dde1654cdd29d06fcebebe1582f4872ba50751
57533e961bdaf5ffaf1146f0c041f0598806607a330000195992f4652d2c1f17
596e5530d1cf66e097a7a82ab01d9f5d98db99bd6688f8ec9d1775e213e06ef4
5aa829951ee5d3932eb7689133dc79f5e8156cde680637cb6f87cc6c33a46d5b
5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855
5e9a40b65b24273f15ea3f994bc4ba59b451c171f0e461b85af4b7ab5d7457fc
5f0171934a868318185fd805252f4d75230bfc623b87e0100a0fb2d97001a048
5f206a31c6eec959fb4867ae9ebb52796fc70a61a5c33a7aa83ed00ecb0ef964
5f75229618682b638f81b324b803e9c4752b8eba4a5846daa094c7626e2639d7
60893dad7355da8c2a46dfa7e3649667bacd46e975099cf4daf79984e6f301d4
60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2
63bc9667d37a904feb7751646abe3e677541f4de361aab8038776a3f27c988f4
666ce27930995b7f32000d6d54aa91af08ff3533f24ca54483d75b6090da352f
67949cf81b1031891a9ce94e48a4d7f2eb8bf47f945f0eb8b6dadaa1b00d4ca9
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cfa0aa86ba2071144541fb9d26f2504f360d49dc25af11a0b8f1b523a59e48e
6f0b2e96bd88c2d8512dfd204adaf2251376467a1f834a51c66ce85f0051979d
7020a2f35c08a997e1d96da73093b9bb97df210cd9147454c9e38972818724e8
72fa992b4e5dbc2f71424812f8d4ae529376bc186942699def38ed7e7cb67768
75bcb86832f42b4942244d252ed90ca846116541c76a3d848c21563ccdcbf14d
768ce279895a5bf92b52e3fd9141ec2e700dd614070e7f6f56ba0e75533fd08b
770704ad15068b1238bfdbaf13d50df3c11066459341e91b8da949fa5154ab64
7851a6e073db7e856a91241c222624ca463042b17666cff2772b5e4ac64436a1
785d3e9ea187b7242e1a4365a48c3fd95dd7a469245d24c6769b8d46c4ef4b81
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
7c345c812c6c32c007d7fe0f4968df8f847ea5006e76c8633da70d446b1936a5
7c62e2dd759bf92e6098e34877ea502a6c161ec325bb677703aba53ec6886d53
7d12aff8ee5cdb12ff8c234e4ff7168c52d8d7522be165b9c1fc9698f15b2123
7d5c91bba288f8d52bece6eb27a646578f0c935f8890f9f1fb5349060c7ce77b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7e39ca202285330a13588739f235a578d206d90662ff2be89581352324b29cc6
7e84c9f8d71bc6eb2dac2fce59a6caea62da51ffa8cf56b41806f59386ab1322
7ea4ecc6e5b3e40546eee8d458437577958b920c4e2d72e395c8dd1631633ad8
8092e395138f7b26adbcba6232e3ebb0e29a839b0e7f0f8773ee11fcb294d2bb
80b0a5f7cd77876b8cba22b64a51004354570213a17e39942a8fc0cff220823a
8149b77a96ece76089f6f3203e8931c73b63d1fe943566f42ab6aaf103167fb9
841877ad87c6b92f15ea82ac53484bd2f5a1504d3cea91e30e631f874dc3f19e
84de47ed6481524074cd5e375bb773f01b59fa6452539b3b60cdb916914ca0e1
8639604f6b9525e4e14c0dec40129920dc99d2ce640ccd0d5906a142ddd0e248
8774a849519bd33b973e8b0deb311ce92a48e0803fb8c78fccd5e06251ef0623
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
89bb54e03aff26116dd642771d281a558e3bab02d9233ec66e9bac269b6780c5
8aece4bc00bb232af7eb9025ffe6ab936b93b2d7f408fa0ba242831682aa07e2
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
93cf6e96459e42f9f656e03ec4800578dc2c021dcde475c9e5e891a7780b0866
971f611c332c69581c6c65714bba01dce6e8f19a2fcfb8c04f87c60efcae9c69
98a7b742330c2c2ce413a79e00cc7daafe932518e10355cd9daedfa81201422f
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99eafd83dc71117d7a1383b917a4f0f20455203c3c7d48c9b71ab5cfabd4d6a6
9ab5fc4c6878070bab4f04176d58c0c5172e227b28bdb02ee4594c7cddb5a11c
9bc52b3c4e9973d64baa482f332ed895f80d0cd2be37e6a49bf1a2e831eb5ac9
9d02f1a51000b5df3329a443ce51f1e8e5052e4d9acf2dde92af8907c0f32860
9d2c8f34912c4d2e7f1d5ca8b1a6696c65bea86c646beea1eb550b897c61bf50
9e907e949bce3cec0efeaf4b707c2d5b1363467b174fced0e54fae1d501c36ed
a0d7310be48b4f4fc33d69c4debdc93c879a9541d61be8f2347c94a77fac19b5
a25c19dbd47bf7b70982d51eb7cb40e12f1ae3070bd04ec5a974e8d2ca8f7736
a2ab001c7323aaf5bf6ba68d2aac9f8e4766144ddc83ae8d64e5b95203321e98
a4db61a80da765a71da6deb63d1545e138432a34f244d577e1c6cca06303e42e
a542f4b92ca1daa49d452f46578dfb0178939c378da21f7388e75e55575fa69b
a67748caf04244e16b3434fce2e110af93332848b04bd86b659132505286609a
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88
a751e5eaf162f1ffd88318bd3156b6fa5f6cd8fec6885d0d840d1af7dfa7795d
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aad5b86b7dbbe9b0a901b3f4ce7be4109bc670c591da4cc4b01d951e83263676
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad4e2d51cf7f8cad0b33fcae853656fa79fa2da3e9828bdf50895a88d9463259
af9a996c2c81dfd42f250744c203f1c5cea19f97d95529eace340098a6f43eb5
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b195b9c5737214bef71cd6405af04b3eb88882acd9c582a0432c18c0561756bd
b2f7d72587caa4ad01e2dea12665d2e1e83a1a6e3326c0eaec6e2131df0eec86
b536245d5d1912397f06964694ae416b45a26a3bc39021850852c647bee46bab
b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b8483ea5c1d443e6c3e452a647ccba999dc81051a4ff29b9a7bbbc0aca869d4f
b868e5891fc3e467ac6203bb3f4756f85ae07372435aaf22039d44c152c3fbf1
b9ced47ef3ad562923708f2c297de4ba34f02d70b886304d9ec2f68196af532a
b9e2438f6d5140a1c762ff89c499310dee46597bcb2e54d9031abe8e57b3a112
bac4ad58a5fd50a805c9b5fb87e844c16c61ea654bf12a8067fef84062ad7d31
bb19cc9bb9e4e0f0237ee1f0c213487452c77e6f9fa6fa9edcb87f4de9f0c21a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb6dd7b78908ff73f738c1c432a7008103ee96d062722eb83eedefc6897be9bb
bc17aba2e2968927fbdbe26ede920ab0c8405778eaef52b009438a5fcf4ea4e6
bc1aaece65e52f7c2678d2b2699182f51ad003a41780a70f985cace566743912
bd60836ecc4909c913a394e7e9a2566966e1594a5a43415447f7379377f132ed
c26aaa5b7a820c774786f40b28be241ddb4257312745121c33b7428699501002
c34181d77c490de9444cbd842fda06aa589abd9bc9d1bc1de0dceedca2d40bc8
c4eb49795f7a703429e7012cec0a556e6faf6f551f07cd337f66c5a1ec3a5847
c57e64fcb72bddafa9c38de574441c3e69ac6c961df96b0cad34da83658bd196
c69c3ed69efdef75400086f66e14917fa9746e39ee23774c055ad25355b5bc7d
c815c49731528111127f7705e82a2d7a8ca5b5e1a1a0435af6e7b0407a842928
c87fcac153783ea615f856ad1c0e12791952c39b8ddde7f11fa3d47c0a3b3998
c8b34d1dc6fe4a35430145b91b748edc088120ef291c09a9dea9e62f87ce3af0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c96637576deebc6e435e2c5a65868b0db2d57b477009d704f050c51a50abd4a1
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb12197731dc09800fdafd6a73fb48db5b8d62169139184d0b6fc729192fee50
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cf37c05fbc57b2215d1d3cf68364b3b49f006e891f8ae4d8f5b355c06a3fbde0
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d3464756d074e73852d37e33c5113f5091731620ec0429917a74f1d6a80d02d5
d3d70612d910dc4ecf3d0b016f74929004d5345ebd0b97ce70c2d6c0ff90dafa
d3e5d32e12dd4b8462cc89b6ea7b148b63a9f7a80b5879257df116c030c9c10c
d417b6ed49cb6ae3dfe2b0bab5d865472052cd0286a9478c74cbb09a02a56d0d
d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99
d6f514ddc18e496f04ad9fad4afcec13d365dfa49efa5dac94d6fff64b95a623
d945db3b417b4db19cba8309582dd7f333976336f0d62bc682e662a8848fe4ee
d9c370831c74b1850d70f5b1c99453d6cda21e5099428a3f21c43bd96c3acb5d
da6cc3e07157e3847c0cc83a0ed1261245a44880786922222e9e56a8aa9bb92a
db231971790e0cbafc4b9ea698e905207070577024d8c6485a87576fd79affc1
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
dbcfa5b88d853f525bf14ec9ef3e1227b62a8579cc9aa4796c72b655d6a98532
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc1da692990307185621fd661b7305e29d3a0a5ba0f0d998e5a1463a17c57044
dcfae17641a4eda527ddcc54043a08b6707d50c533967c6dd07cd433060090ac
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfb10d80519eef92b73d18d564188be9de6b6c95c63ecfda24285082cf0e110c
e075a50ed4fe42b9a1e7c1d52a00c71d205a55fa7278b07648078fd7cd7fd5ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5f578c050d7a40cfb1cdbc4482159b5177deb5a5cf606cc28cd4a2b42a97734
e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407
e807502afac6b5a89fab76877558873bee858c33be8a6c3dd5c6ee0101dd7420
e92b5c4af8c5c6115f09955c6aa8577a45c65effe782e0593540f09177f69a29
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
ec8b1b07980996f574075e1b7e895d5d47794b9dcf345a68d60fbb17034f7bef
ece71cd9595c09fec3d17cf9cd1a2b613f32e48fc6e288214593b5091416cb94
ed632e360c39c0dd4221ab4ceab93684e8bdcba75055acdcdab64d74a9e13c6e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff50ee97749192a01ffbe5c7d7b3b88d11cc53dcbd6d659b22b37e8cc0754d7
f14b33b9d5a249b41c2c3ab1065df21780f8d7d681c6a745244848dff1845c58
f16c3ea44afc678d334551e6d587690abe2c70306c21cbd41bf675cefe9efe6c
f173fd421b26d6877143a9120fd91f86cd07e4deaa36b9fb2e04dec261ab3462
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f41b0ed4eb477d5bdbeaddcbfa39b3da2d85901f3bcabc525335e0e153eaacef
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f5698138ddbe35f9a9d11b41d77f994f0d65b4b1e88b066b5cd512ae6ccebce7
f7daf92d34ab4b3159b92726a0d12c15ea1dac04811e2536192854ca24271201
f859a8cc18d7cd132b29e699b4ffb33b7ff83f74b4c73df293c806d18bc7c231
fa8d2aa34c3125a0fce865a24d0f39bd388269f4ee2c41786dc6c400a023dbb3
fb4761991a37966a1db7dc20ff07f33eb2810425ec87b862107c9ae3f4b549a1
fdc9a433f5b281b04f603b4c887f28ef632a7f5421a160e02f784c7c9bf63041
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff2a8b60278dd156c3d3053a9237262bedee76758475fbe38e81eece6fc020b3

cyble.com Open in urlscan Pro 192.0.78.231 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

281 Requests

93 %HTTPS

0 %IPv6

62 Domains

90 Subdomains

73 IPs

2 Countries

7797 kBTransfer

14862 kBSize

100 Cookies

74 Outgoing links

Redirected requests

281 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cyble.com Open in urlscan Pro
192.0.78.231 Public Scan

Screenshot
Live screenshot

Full Image

281
Requests

93 %
HTTPS

0 %
IPv6

62
Domains

90
Subdomains

73
IPs

2
Countries

7797 kB
Transfer

14862 kB
Size

100
Cookies

281 HTTP transactions
0 data transactions