fieldeffect.com Open in urlscan Pro
199.60.103.92 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign#6e2eyj9
Effective URL:
https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Submission: On July 09 via api (July 9th 2024, 5:09:16 am UTC) from IN — Scanned from DE

Summary HTTP 135 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 52 IPs in 6 countries across 41 domains to perform 135 HTTP transactions. The main IP is 199.60.103.92, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is fieldeffect.com.
TLS certificate: Issued by WE1 on July 7th 2024. Valid for: 3 months.

This is the only time fieldeffect.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	199.60.103.92 199.60.103.92	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1 4	2606:4700::68... 2606:4700::6811:f9cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:593e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
4	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:ba1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:b05b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
5	2606:2c40::c7... 2606:2c40::c73c:67e4	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
4	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
3	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4c8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:480... 2a02:26f0:480:15::213:7e4a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
2	2606:4700::68... 2606:4700::6812:1fb0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.32.164.86 52.32.164.86	16509 (AMAZON-02) (AMAZON-02)
11	2.17.100.210 2.17.100.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2606:4700::68... 2606:4700::6813:afbc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	2a02:26f0:710... 2a02:26f0:7100::210:172	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
2	52.29.221.165 52.29.221.165	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:e072	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.175.234.12 172.175.234.12	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	44.226.187.177 44.226.187.177	16509 (AMAZON-02) (AMAZON-02)
1	54.203.236.163 54.203.236.163	16509 (AMAZON-02) (AMAZON-02)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	13.74.129.1 13.74.129.1	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2606:4700::68... 2606:4700::6810:762b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:752b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:211... 2600:9000:211e:200:4:8491:f2c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	65.9.99.119 65.9.99.119	16509 (AMAZON-02) (AMAZON-02)
4 5	34.227.41.47 34.227.41.47	14618 (AMAZON-AES) (AMAZON-AES)
1 1	18.185.153.148 18.185.153.148	16509 (AMAZON-02) (AMAZON-02)
1 1	3.65.167.176 3.65.167.176	16509 (AMAZON-02) (AMAZON-02)
1 1	108.128.111.241 108.128.111.241	16509 (AMAZON-02) (AMAZON-02)
2 2	63.34.165.131 63.34.165.131	16509 (AMAZON-02) (AMAZON-02)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	3.216.176.3 3.216.176.3	14618 (AMAZON-AES) (AMAZON-AES)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
135	52

26 199.60.103.92 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

fieldeffect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:f9cb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:593e (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:ba1f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:b05b (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:2c40::c73c:67e4 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

get.fieldeffect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4c8e (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:15::213:7e4a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1fb0 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.32.164.86 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-32-164-86.us-west-2.compute.amazonaws.com

abm-tracking.demandscience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2.17.100.210 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-210.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:afbc (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::210:172 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.221.165 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-221-165.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e072 (United States)

ASN13335 (CLOUDFLARENET, US)

fieldeffect-8376691.hs-sites.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.175.234.12 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

n.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.226.187.177 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-226-187-177.us-west-2.compute.amazonaws.com

intentstream.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.203.236.163 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-203-236-163.us-west-2.compute.amazonaws.com

tracking.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.74.129.1 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:762b (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:752b (United States)

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:200:4:8491:f2c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.99.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-99-119.prg50.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.227.41.47 (Ashburn, United States) 4 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-227-41-47.compute-1.amazonaws.com

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.185.153.148 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-153-148.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.65.167.176 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-65-167-176.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.111.241 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-111-241.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.34.165.131 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-165-131.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.216.176.3 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-216-176-3.compute-1.amazonaws.com

hemsync.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	fieldeffect.com fieldeffect.com get.fieldeffect.com	1019 KB
12	6sc.co j.6sc.co — Cisco Umbrella Rank: 13026 c.6sc.co — Cisco Umbrella Rank: 16914 ipv6.6sc.co — Cisco Umbrella Rank: 13532 b.6sc.co — Cisco Umbrella Rank: 7572	21 KB
7	clickagy.com 4 redirects tags.clickagy.com — Cisco Umbrella Rank: 62400 aorta.clickagy.com — Cisco Umbrella Rank: 3600 hemsync.clickagy.com — Cisco Umbrella Rank: 57263	28 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1094 n.clarity.ms — Cisco Umbrella Rank: 24558 c.clarity.ms — Cisco Umbrella Rank: 1823	28 KB
5	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 11223 ws-assets.zoominfo.com — Cisco Umbrella Rank: 36085	30 KB
5	google.com www.google.com — Cisco Umbrella Rank: 10 region1.analytics.google.com — Cisco Umbrella Rank: 3576	1 KB
5	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 8339 app.hubspot.com — Cisco Umbrella Rank: 10927 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 8303 track.hubspot.com — Cisco Umbrella Rank: 5397	28 KB
5	linkedin.com 1 redirects platform.linkedin.com — Cisco Umbrella Rank: 7210 px.ads.linkedin.com — Cisco Umbrella Rank: 671 px4.ads.linkedin.com — Cisco Umbrella Rank: 7218	163 KB
4	hsforms.com forms-na1.hsforms.com — Cisco Umbrella Rank: 15203 perf-na1.hsforms.com — Cisco Umbrella Rank: 8785	3 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 232	162 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 331	50 KB
4	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 1271	148 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 16379	4 KB
3	contanuity.com intentstream.contanuity.com — Cisco Umbrella Rank: 201391 tracking.contanuity.com — Cisco Umbrella Rank: 44633	1 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 102 region1.google-analytics.com — Cisco Umbrella Rank: 2949	21 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 5116	19 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1906 analytics.twitter.com — Cisco Umbrella Rank: 1362	28 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 110	309 KB
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 324	1 KB
2	agkn.com 2 redirects aa.agkn.com — Cisco Umbrella Rank: 927 d.agkn.com — Cisco Umbrella Rank: 1176	1 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 2564 insight.adsrvr.org — Cisco Umbrella Rank: 1492	5 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 19986	329 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	3 KB
2	google.de www.google.de — Cisco Umbrella Rank: 6500	126 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 208	404 B
2	demandscience.com abm-tracking.demandscience.com — Cisco Umbrella Rank: 178412	3 KB
2	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 19919	2 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 423	18 KB
2	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 20856	4 KB
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 888	295 B
1	crwdcntrl.net 1 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 1248	216 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 379	769 B
1	hs-sites.com fieldeffect-8376691.hs-sites.com
1	gstatic.com www.gstatic.com	212 KB
1	t.co t.co — Cisco Umbrella Rank: 983	375 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1254	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1900	14 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 5142	24 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 7285	4 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 10882	24 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 12337	5 KB
135	41

	Domain	Requested by
26	fieldeffect.com	fieldeffect.com js.usemessages.com
9	b.6sc.co	fieldeffect.com
5	aorta.clickagy.com	4 redirects tags.clickagy.com
5	get.fieldeffect.com	fieldeffect.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
4	www.google.com	fieldeffect.com www.gstatic.com
4	connect.facebook.net	fieldeffect.com connect.facebook.net
4	cdnjs.cloudflare.com	fieldeffect.com
4	unpkg.com	1 redirects fieldeffect.com
3	js.zi-scripts.com	fieldeffect.com js.zi-scripts.com
3	n.clarity.ms	www.clarity.ms
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	js.hs-banner.com	fieldeffect.com js.hs-banner.com
3	www.googletagmanager.com	fieldeffect.com www.googletagmanager.com
2	dpm.demdex.net	2 redirects
2	c.clarity.ms	1 redirects
2	track.hubspot.com
2	intentstream.contanuity.com	abm-tracking.demandscience.com
2	perf-na1.hsforms.com	fieldeffect.com
2	epsilon.6sense.com	j.6sc.co
2	www.facebook.com	fieldeffect.com
2	www.google.de	fieldeffect.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	forms-na1.hsforms.com	fieldeffect.com
2	abm-tracking.demandscience.com	fieldeffect.com abm-tracking.demandscience.com
2	tracking.g2crowd.com	fieldeffect.com tracking.g2crowd.com
2	www.clarity.ms	www.googletagmanager.com www.clarity.ms
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	platform.twitter.com	fieldeffect.com platform.twitter.com
2	cdn.jsdelivr.net	fieldeffect.com abm-tracking.demandscience.com
2	cdn2.hubspot.net	fieldeffect.com
1	insight.adsrvr.org	js.adsrvr.org
1	hemsync.clickagy.com	tags.clickagy.com
1	us-u.openx.net
1	sync.crwdcntrl.net	1 redirects
1	d.agkn.com	1 redirects
1	aa.agkn.com	1 redirects
1	js.adsrvr.org	fieldeffect.com
1	tags.clickagy.com	fieldeffect.com
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	c.bing.com	1 redirects
1	tracking.contanuity.com	abm-tracking.demandscience.com fieldeffect.com
1	fieldeffect-8376691.hs-sites.com	js.hubspot.com
1	www.gstatic.com	www.google.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	analytics.twitter.com	fieldeffect.com
1	t.co	fieldeffect.com
1	px4.ads.linkedin.com	fieldeffect.com
1	region1.analytics.google.com	www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	j.6sc.co	fieldeffect.com
1	static.ads-twitter.com	fieldeffect.com
1	snap.licdn.com	www.googletagmanager.com
1	app.hubspot.com	fieldeffect.com
1	js.hs-analytics.net	fieldeffect.com
1	js.hsadspixel.net	fieldeffect.com
1	js.hubspot.com	fieldeffect.com
1	js.usemessages.com	fieldeffect.com
1	static.hsappstatic.net	fieldeffect.com
1	platform.linkedin.com	fieldeffect.com
135	62

This site contains links to these domains. Also see Links.

Domain
my.fieldeffect.net
support.fieldeffect.com
partners.fieldeffect.com
www.linkedin.com
twitter.com
www.facebook.com
www.youtube.com
axios-http.com
www.ic3.gov
www.fieldeffect.com
trust.fieldeffect.com

Subject Issuer	Validity	Valid
fieldeffect.com WE1	`2024-07-07` - `2024-10-05`	3 months	crt.sh
unpkg.com GTS CA 1P5	`2024-05-30` - `2024-08-28`	3 months	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2024-03-06` - `2024-12-31`	10 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-06-13` - `2025-06-13`	a year	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
hsappstatic.net E5	`2024-07-06` - `2024-10-04`	3 months	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
get.fieldeffect.com WE1	`2024-07-07` - `2024-10-05`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-04-17` - `2024-07-16`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
hs-banner.com E1	`2024-05-30` - `2024-08-28`	3 months	crt.sh
usemessages.com E5	`2024-06-10` - `2024-09-08`	3 months	crt.sh
hubspot.com E1	`2024-05-23` - `2024-08-21`	3 months	crt.sh
hsadspixel.net E6	`2024-06-14` - `2024-09-12`	3 months	crt.sh
hs-analytics.net WE1	`2024-06-11` - `2024-09-09`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
g2crowd.com WE1	`2024-06-23` - `2024-09-21`	3 months	crt.sh
abm-tracking.demandscience.com R11	`2024-06-14` - `2024-09-12`	3 months	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
hsforms.com WE1	`2024-06-14` - `2024-09-12`	3 months	crt.sh
*.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.google.de WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
*.gstatic.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh
hs-sites.com Cloudflare Inc ECC CA-3	`2024-03-10` - `2024-12-31`	10 months	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
intentstream.contanuity.com E5	`2024-06-16` - `2024-09-14`	3 months	crt.sh
tracking.contanuity.com R3	`2024-05-14` - `2024-08-12`	3 months	crt.sh
zi-scripts.com GTS CA 1P5	`2024-05-27` - `2024-08-25`	3 months	crt.sh
zoominfo.com E5	`2024-06-17` - `2024-09-15`	3 months	crt.sh
*.clickagy.com Amazon ECDSA 256 M02	`2023-09-22` - `2024-10-20`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Frame ID: C14AB777477F32C73128F64C819E3276
Requests: 126 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Ffieldeffect.com
Frame ID: 1D4DEC2B0610DA9E445C5746453EF816
Requests: 1 HTTP requests in this frame

Frame: https://fieldeffect-8376691.hs-sites.com/hs-web-interactive-8376691-156017758343
Frame ID: 4FBFE3170B281E474A49042DE071365F
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9maWVsZGVmZmVjdC5jb206NDQz&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&badge=inline&cb=xabx7e5xmxk8
Frame ID: 0A7F5A101895DDD07BAC38E4D46694FC
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: 5104562502832B7321950B9951591444
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=8emthjr&ref=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&upid=0s6iy91&upv=1.1.0
Frame ID: F418787F96218017863C0DD15A4D49AA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Field Effect discovers M365 adversary-in-the-middle campaign

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/fingerprintjs@(\d)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

135
Requests

95 %
HTTPS

61 %
IPv6

41
Domains

62
Subdomains

52
IPs

6
Countries

2395 kB
Transfer

5696 kB
Size

50
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://my.fieldeffect.net/Login.html
Title: MDR Portal

Search URL Search Domain Scan URL

URL: https://support.fieldeffect.com/support/home
Title: Support Portal

Search URL Search Domain Scan URL

URL: https://partners.fieldeffect.com/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/field-effect-software/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/fieldeffectsoft
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/FieldEffectSoftware
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@fieldeffectsoft
Title: YouTube

Search URL Search Domain Scan URL

URL: https://axios-http.com/
Title: website

Search URL Search Domain Scan URL

URL: https://www.ic3.gov/Media/Y2023/PSA230609
Title: Federal Bureau of Investigation

Search URL Search Domain Scan URL

URL: https://www.fieldeffect.com/blog/tag/security-intelligence
Title: Security Intelligence Feed

Search URL Search Domain Scan URL

URL: https://trust.fieldeffect.com/
Title: Trust Center

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/field-effect-software
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.facebook.com/FieldEffectSoftware/
Title: Facebook

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20

https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js HTTP 302
https://unpkg.com/@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js

Request Chain 73

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2007132&time=1720501751391&url=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2007132&time=1720501751391&url=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&e_ipv6=AQI45geazunxxQAAAZCV5U8SzJEaCg9ChFHrEF8sPD5gEBh8q9dl_ONRC6zJGXkHWTGqZmt3aMNGXKDsWpcDIlZ2y3DRBg

Request Chain 109

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=a1bdd205fcbb85c948c28308604639c1_1720501751834 HTTP 303
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=a1bdd205fcbb85c948c28308604639c1_1720501751834&_bee_ppp=1 HTTP 303
https://tracking.contanuity.com/usersync?bwcookie=AACnPU7NGYwAABWg1cKv6A

Request Chain 114

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=C36008F7AC684D259BB19E0D26391767&RedC=c.clarity.ms&MXFR=066AD6986B19667711B5C22F6F196865 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=C36008F7AC684D259BB19E0D26391767&MUID=07E811DC28FA67DC1114056B2928662E

Request Chain 128

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag&ws=1 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212289188&_puid=c:159c805e8787020735df66f739872f9e&_redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D HTTP 302
https://d.agkn.com/pixel/10751/?che=1720501754888&ip=84.19.175.184&l1=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D217023104938000355295 HTTP 302
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=128&cm=217023104938000355295 HTTP 302
https://sync.crwdcntrl.net/map/c=8545/tp=CKGY/tpid=c:159c805e8787020735df66f739872f9e/gdpr=0/gdpr_consent=false/?https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D120%26cm%3D%24%7Bprofile_id%7D HTTP 302
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=120&cm= HTTP 302
https://dpm.demdex.net/ibs:dpid=79908&dpuuid=c:159c805e8787020735df66f739872f9e&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D124%26cm%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=79908&dpuuid=c:159c805e8787020735df66f739872f9e&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D124%26cm%3D%24%7BDD_UUID%7D HTTP 302
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=124&cm=01273885904750687042637611515874759972 HTTP 302
https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D

135 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request field-effect-discovers-m365-adversary-in-the-middle-campaign Show response
fieldeffect.com/blog/ 86 KB
20 KB 189ms
109ms Document
text/html 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8feebb97ce6421410861d68239e42b173e51481ccc6bd6f4dee4331d57ec830

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
age: 1468
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-172198427572,CG-34325584238,P-8376691,W-147464246152,W-169311964056,W-87124019013,W-87125221166,W-87125936144,W-87127194395,W-87127335846,CW-88459798634,CW-88459799360,CW-88459799557,CW-88460192066,DB-5242790,DB-5442571,DB-5448230,E-88459799630,E-88459799636,E-88459799639,E-88459799642,E-88459799675,E-88459799697,E-88459799710,E-88460192095,E-88460192096,MENU-147464246152,MENU-169311964056,MENU-87124019013,MENU-87124020007,MENU-87125221124,MENU-87125221166,MENU-87125221203,MENU-87125936144,MENU-87127194395,MENU-87127335846,PGS-ALL,SW-4,B-34325584238,B-46618523431
cf-cache-status: HIT
cf-ray: 8a05cce47f0f9207-FRA
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Tue, 09 Jul 2024 05:09:10 GMT
edge-cache-tag: CT-172198427572,CG-34325584238,P-8376691,W-147464246152,W-169311964056,W-87124019013,W-87125221166,W-87125936144,W-87127194395,W-87127335846,CW-88459798634,CW-88459799360,CW-88459799557,CW-88460192066,DB-5242790,DB-5442571,DB-5448230,E-88459799630,E-88459799636,E-88459799639,E-88459799642,E-88459799675,E-88459799697,E-88459799710,E-88460192095,E-88460192096,MENU-147464246152,MENU-169311964056,MENU-87124019013,MENU-87124020007,MENU-87125221124,MENU-87125221166,MENU-87125221203,MENU-87125936144,MENU-87127194395,MENU-87127335846,PGS-ALL,SW-4,B-34325584238,B-46618523431
last-modified: Tue, 09 Jul 2024 03:46:01 GMT
link: </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bzilWCAhUMUtlPZE2dm%2FCjcz3SFYj34Ibgs4XrQ5vCgzHHhh2kfgUeqN0idTNOZ6WALDY%2FQhjvM3fYeHmuJMZmCoD4I8IG0JPv4laLGR4TvUZeS7wdMx0wF%2B6kyUcRipmg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 310
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-40-49-td/envoy-proxy-d54bc89fd-czxbc
x-evy-trace-virtual-host: all
x-frame-options: sameorigin
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 172198427572
x-hs-hub-id: 8376691
x-hubspot-correlation-id: e6705b93-de8f-4233-ae20-bac075d92e33
x-request-id: e6705b93-de8f-4233-ae20-bac075d92e33

GET
H2 200 project.js Show response
fieldeffect.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 70ms
68ms Script
application/javascript 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: gzip
via: 1.1 93c19401e4c3042840b49b10b9478098.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 10144079
x-amz-cf-pop: VIE50-P2
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1VdCN7qAYZastxsZttdWIuw97mnBkCqvgSWllM%2BRdB22TIeu%2FHvY4s%2BI%2BOINs7zj5ZnSx50P0r%2BSATR7Mq23AT1lW50y9JskH2r0dQSmbv0ssG1xaG7s%2FD09h8hfCyNWTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8a05cce53fa79207-FRA
x-amz-cf-id: taibrJxhl0Pv-g2kLxYdkl-I0t1gMNjDW9iJ8n3fVTWw3x2RnykuiQ==
expires: Wed, 09 Jul 2025 05:09:10 GMT

GET
H2 200 project.js Show response
fieldeffect.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 94ms
93ms Script
application/javascript 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: gzip
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 10157776
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oKiMVDhUY2G7l%2Bj7GG4o%2F%2B%2Bxau7Nl96HwgWgChnJVhmsd7WVqeGYWT0wFdswrQ%2FNC1ZIylH%2FLah4ANSlxcOonV8pt6hJeOuvVG129Ygvlyw4JkYck27V%2BCy8JFveqrO0NQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8a05cce53fa99207-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Wed, 09 Jul 2025 05:09:10 GMT

GET
H2 200 jquery-1.7.1.js Show response
fieldeffect.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ 92 KB
33 KB 70ms
69ms Script
application/javascript 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: gzip
via: 1.1 4d0ae7ca3bb5e2d6eaa1450e1906adb4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 10153589
x-amz-cf-pop: FRA56-P2
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: null
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Nov 2014 17:03:30 GMT
server: cloudflare
etag: W/"ddb84c1587287b2df08966081ef063bf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0O1VgWM0QB3o72x%2FvOlffuH8T7HC0ThFaJepe%2Fk9iSRjkuNYFPOr%2BgEEBufhF9N%2BBdCXf2QoLeM3nLBf0H%2FaPN0KENNb9%2F6qmk1QU5hFIW65kWHbkg7pJXogmQ0wZZ4IEg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8a05cce53fac9207-FRA
x-amz-cf-id: Hoev-1o9Fho6Y1K3JJghAaFtSQCJWsLprtCVgKQzdUciy0d3AHKivw==
expires: Wed, 09 Jul 2025 05:09:10 GMT

GET
H2 200 v2.js Show response
fieldeffect.com/_hcms/forms/ 482 KB
160 KB 70ms
70ms Script
application/javascript 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 50
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=8a05cbad43fc903d-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5387/bundles/project-v2.js
date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d0d53eedec01ac540f737b5fafb16436.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: c51a5aa0-e8c1-40fd-a281-925e041b4a16
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: c51a5aa0-e8c1-40fd-a281-925e041b4a16
last-modified: Thu, 06 Jun 2024 13:36:59 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=saBb30DEN%2BISVBwLBJfUu7D30rsgCurbyWjbSk%2B%2F6t3y%2Bpm6bEX1Tnzyaj9IYY90l8PZ0Si0%2BBWoCOP0mHyRr41fi2yL6rQW7GDng0Sgi0HqmcxTbiD7NPdn9QGpfOFf2w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-zrgzf
cf-ray: 8a05cce53fad9207-FRA
x-amz-cf-id: -cqnaXqoQgp5fH70MUlfjvDP-ciNPnu48wDCMCssod8K7mtaxqZE1w==

GET
H2 200 main.css
fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799630/1716844093298/FES_Website/css/ 134 KB
31 KB 94ms
92ms Stylesheet
text/css 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799630/1716844093298/FES_Website/css/main.css

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0110d5fcb8a76e8c3b3fec74376611bd9b5d9f34958e17d94be294ed4e8051e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 2662
x-amz-request-id: DF240AHNYZZGP2RX
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"2d9709471b01ff9fd2d9829b788fa1d2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1716844093298
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
via: 1.1 5eb5e19c1a78889d10ff38f1551ed2aa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: 5GUTuM04F0Tkg_j34ihgJBu799yD8wy.
x-cache: RefreshHit from cloudfront
x-hubspot-correlation-id: 98d6eb2d-9aae-424c-b2b9-d670f3ac1ada
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 157
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Yebjk7AWG2r2slyCn/vx2e5tHbaSkJoHFtfGAVpr95nI8PHBiRUmmTcxjoj1Ef6QMPP5eqLTV1E=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 98d6eb2d-9aae-424c-b2b9-d670f3ac1ada
last-modified: Mon, 27 May 2024 21:08:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gMJUuQigahq6b6fn4B28FvydXuWlcKNd1jVBS82TMUhXhP%2B9IjfRkl1oOplmDPfjNwgJN0EkArwg3M6NiWrVuMJCypJuapYK%2Bj6nGTdxOxdLbIukePq8hbk74dCp10JHFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 8a05cce53fae9207-FRA
timing-allow-origin: fieldeffect.com
x-amz-cf-id: 8ejiG_NA97L_k0qB6_ajSB2TAYDzKMziWpN3z1eThAqN32gamt0OqA==

GET
H2 200 blog.min.css
fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799636/1719588562338/FES_Website/css/templates/ 18 KB
5 KB 67ms
65ms Stylesheet
text/css 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799636/1719588562338/FES_Website/css/templates/blog.min.css

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d094c57afe20d13a9d64937994e84ebd2c2b72d7f79a077d76a61202747132b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 2662
x-amz-request-id: TRSME8WQBD499DQV
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"2b61eb0da343193f8ceb31f8e4a79fec"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1719588563095
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
via: 1.1 5eb5e19c1a78889d10ff38f1551ed2aa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: fK5xsasS4GmS3ayaCOF4aShMxTc4NJQg
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 5808885c-6fc3-4986-a73d-1df075bbb175
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 177
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MVVr2qeHgQVN8oNr5EOjWAi+TFtYZ3YRbbzXttSC4Y2hGrad6QAUST41KfNTvk3eaNhoDJpQ8RA=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5808885c-6fc3-4986-a73d-1df075bbb175
last-modified: Fri, 28 Jun 2024 15:29:24 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xP1sVzjbyQXERLJk%2FY62zPda9s0XBujv5bHO1X%2FnNvmMlE%2FN8BzwYtk9DKQuRYT6Plr%2F9RJU9K7%2Bro6cVs2H5pvWPs6RZ%2F0Vs%2BzZvHhlEcEM0I%2Bk0HoyByR2zFokFgYaSw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54bddf99d6-4fh2w
access-control-allow-credentials: false
cf-ray: 8a05cce53faf9207-FRA
timing-allow-origin: fieldeffect.com
x-amz-cf-id: MjMLt4PCNk5giB05uYSFtYN_svhFqzrQepGGCmmXrJdi1PoGpTnWLw==

GET
H2 200 theme-overrides.min.css
fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799639/1716991213153/FES_Website/css/ 49 KB
12 KB 93ms
91ms Stylesheet
text/css 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799639/1716991213153/FES_Website/css/theme-overrides.min.css

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b166325a741179c6228f1e49e91352f60d6f1625e654c5be39c2ccad286d4c8c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
age: 2662
x-amz-request-id: 8RBBV65BFJV0VKT1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"e219baa8fb1113b790ec66c5a0da40d8"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1716991214067
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
via: 1.1 024e3e2a85f18d5f1e46b7c4f4f42474.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-amz-version-id: Tjof.Oenqv.H0Ju.Zs3qE_OBaciXU7Ke
x-cache: Miss from cloudfront
x-hubspot-correlation-id: 17396b22-a9f9-47fe-840d-fb056754abab
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 158
alt-svc: h3=":443"; ma=86400
x-amz-id-2: rDo0bcgbOH6xafVRDY+LyatFdubQbXfYuDKT4MiBCHfhcRxZtHa6Q7lCt92rVSvFkc6Atf2Vx3J2165EnoFk++bWl9iHsTRq
x-evy-trace-route-configuration: listener_https/all
x-request-id: 17396b22-a9f9-47fe-840d-fb056754abab
last-modified: Wed, 29 May 2024 14:00:15 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l2Y3Zc5mrnblIRcqaTgVdlNF4YZTJfe7ApX769N1EgAmREitpAVR%2BHnGU3yDP0JNsYB2eH1R2fFhw0RVPmXcRt1sl1cCaCeCtiz4d3tjql4JtOmBKRS8GzH4%2F39TjtsJEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8a05cce53fb09207-FRA
timing-allow-origin: fieldeffect.com
x-amz-cf-id: 5sv6vrCgzk5ss9F2FM-NIBqT0lskRvBu6vefwajEZFtTjTDJflzGmw==

GET
H2 200 aos.css
unpkg.com/aos@2.3.1/dist/ 25 KB
4 KB 89ms
32ms Stylesheet
text/css 2606:4700::6811:f9cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/aos@2.3.1/dist/aos.css

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:f9cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2446957
last-modified: Thu, 17 May 2018 22:11:13 GMT
fly-request-id: 01J020QBQ3BT2875SM5N1F0Q5V-fra
server: cloudflare
etag: "65c5-BVfTdFS2f0LyyxAeV+UHD7EZNXA"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a05cce58f2c4d6e-FRA

GET
H3 200 module_-2712622_Site_Search_Input.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1720472848668/ 612 B
1 KB 94ms
56ms Stylesheet
text/css 2606:4700::6812:593e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1720472848668/module_-2712622_Site_Search_Input.min.css
Requested by: Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:593e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: br
age: 28757
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"c708989561e0cdbfcf996d1b7f47482c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1720472848668
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: ac46fc7f-42ad-4afe-a256-0e26d59837fd
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 162
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: ac46fc7f-42ad-4afe-a256-0e26d59837fd
last-modified: Mon, 08 Jul 2024 21:07:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=INdOFTZ%2FJfuIxXuOGeX7AJakYUGkuigDIKqDKyTUj9MYnXp42RmAGTVd9T9rZ%2Fskp1H2puCfHcE74S%2FrC7tosc6lIa7gLy4pPCtZoUH%2FZlevldCnc%2Fm%2Bue40WcrphmhY8lkDpgThEUMVfgPUZis%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-7bc58b7fb6-9fg76
cf-ray: 8a05cce569e039c7-FRA

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 122ms
23ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE6) /

Resource Hash

632ae2a19dd0817549172e38d37d628124c089c4466c0dca78378c8a78e3f1e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cdn: ECST
age: 1317
x-cdn-client-ip-version: IPV6
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 163631
x-li-uuid: AAYcyTk6A9rtqgwjPieiqw==
last-modified: Tue, 09 Jul 2024 04:47:14 GMT
server: ECAcc (frc/4CE6)
x-li-pop: prod-ltx1-x
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-ltx1
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Tue, 09 Jul 2024 05:47:15 GMT

GET
H2 200 Blog-Thumb-Threat-Brief_01.jpg
fieldeffect.com/hubfs/ 52 KB
53 KB 92ms
91ms Image
image/webp 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fieldeffect.com/hubfs/Blog-Thumb-Threat-Brief_01.jpg

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e0d4f497ab9f2fc0efa1aad4ac7f40150d0d199cb81886073092db1c30ed004

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-125130051244,P-8376691,FLS-ALL
age: 27368
x-amz-request-id: X5MRFZSJY95NZWGH
x-amz-server-side-encryption: AES256
edge-cache-tag: F-125130051244,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Blog-Thumb-Threat-Brief_01.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "438ad7a54f78541b84b10bc95f45c03c"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1689604768810
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 e029c86e892e2d8a35492f6625a1d26e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 2hIp2qe7lXVkoqhFmWH9F8l7Xt4I_v6h
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=586635
x-cache: RefreshHit from cloudfront
cache-tag: F-125130051244,P-8376691,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 52892
x-amz-id-2: r15dAOLsGnHfRJfy+v4BhYkcY9ga8R1OK5Nih/iYFBwE22A9YBEq1ju4I0KrilCs28wZqKop44Y=
last-modified: Wed, 22 May 2024 15:29:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qY7xOxG981euCebLxK0Jhkk3uMMCdLH0OA%2F47cbsbXDYWDDSoyTK81QyymGaUUy13m90xPyk1ri4vdL6c06ITjvW9GsZ3WFhDTpQELx%2FZiqKlxfex6Vo2D4Q8zd4vUB50g%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a05cce53fb19207-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: Lq0yPH68G6TEoGWRDiQGvlKRbVQqp1boZCARQ5AYB-GmhLkAC349Yw==

GET
H2 200 Blog-Thumb-Threat-Brief_04.jpg
fieldeffect.com/hubfs/ 49 KB
51 KB 70ms
70ms Image
image/webp 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fieldeffect.com/hubfs/Blog-Thumb-Threat-Brief_04.jpg

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca7247cde6ae2932ad479710e5334f38439d631c3d12eae9f20833dd334016a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-125129585186,P-8376691,FLS-ALL
age: 9718
x-amz-request-id: 20HHW9BKAYSMS01A
x-amz-server-side-encryption: AES256
edge-cache-tag: F-125129585186,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Blog-Thumb-Threat-Brief_04.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "00b6555fa113950d96826ffe2261b8a1"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1689604773565
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 6dcc6937cfa978a65f9d5d75296b24a6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Vhuy_rixVhGCC2xZ0CoX07F.vHQfJ94B
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=1411916
x-cache: RefreshHit from cloudfront
cache-tag: F-125129585186,P-8376691,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 50564
x-amz-id-2: xeb9yXAo4EFZAvIEmBgZZFL49k4tzc+EUNjXbUdxfItVUyeRLboODmDIXKG7Y6StxwO1C34Pq3HeINFalcgqfkWIyHaOPf+P1p82rFxkZ0I=
last-modified: Wed, 22 May 2024 15:30:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BRewtJfcMBdzM3VjcTVKQlaQdGGrGbnqHe84uUfbKvV7T%2FrFVtsUVeWWIRxSZkrBdlfshWW8CQ2TW7cI0N2n%2F5ovr9FMgd0SOMS0I2ZKFi6zmfA%2FhEX5SNO%2FBo5PlZYpiA%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a05cce53fb29207-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: WaiRaY0Orot3kEfon_aW2VTw1ZgRYMawpukXRq_Hm7CIilcvlLMOgA==

GET
H3 200 Blog-Thumb-What-is-the-future-of-cyber-security.jpg
fieldeffect.com/hubfs/Website-Blog/ 69 KB
71 KB 87ms
87ms Image
image/webp 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fieldeffect.com/hubfs/Website-Blog/Blog-Thumb-What-is-the-future-of-cyber-security.jpg

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7d2d43c27a110c071106da977e0f779f3c60845234cec1e5be6b457d53de09a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-91229889046,FD-89579184669,P-8376691,FLS-ALL
age: 204648
x-amz-request-id: ZN9Z9Y68SCC5XB83
x-amz-server-side-encryption: AES256
edge-cache-tag: F-91229889046,FD-89579184669,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Blog-Thumb-What-is-the-future-of-cyber-security.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "5b03a5e981294a1ef7283768ac96f1f3"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1668104540860
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 f59e52adbf3a58a76dec03547cb4b34c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: i5Gk5mALXQAXOa0rE4cx1abOyOOi2aBb
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=807338
x-cache: RefreshHit from cloudfront
cache-tag: F-91229889046,FD-89579184669,P-8376691,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 71040
x-amz-id-2: dQw9Flp+s5lMC5yzKPJuPRmZkWDeQbjXAooeIMB2umA/lGZYEDpxr+a/RJd+0bztQshoxRlD+s8=
last-modified: Tue, 21 May 2024 21:35:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GfOqkL%2BsNpRT0pLEi8XewjJzrKNHQVzmOHAcVqAVfHW3WJ%2F9oWBLi31NZq2DvkKhZTAfPZerUlTKco%2Fq2P5viKnaht96repPxwlcXpXOO7VDXRVd0V3uIcniH0e6VzYErQ%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a05cce5ea9c9b8c-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: u8QaWeHzWvpSts3e9lt5iPlhHgsFzUiwtnnUJW64JKpBtBmFPnoqSA==

GET
H3 200 Webinar-IR-Prep-Tabletop-OnDemand.jpg
fieldeffect.com/hubfs/ 96 KB
97 KB 59ms
59ms Image
image/webp 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fieldeffect.com/hubfs/Webinar-IR-Prep-Tabletop-OnDemand.jpg

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

29f11448b5d2c4e4d0435b7c1b4ca01faeca222f410e7367d71047a100fd20cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-165178840437,P-8376691,FLS-ALL
age: 9717
x-amz-request-id: 9A47062CR40JBHXF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-165178840437,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Webinar-IR-Prep-Tabletop-OnDemand.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "faf314cbf6bb486af60143328049fc92"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1713796986167
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 56df5811b9d89103539b9b0b5fd9b262.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: AKJaf_IGSsMKjtMulh7E4pJ6uX1hirI3
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=152036
x-cache: Miss from cloudfront
cache-tag: F-165178840437,P-8376691,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 97874
x-amz-id-2: P0ukptYUq+NAAzrIm5j3bU6YaykV/N7+YMUkkfAqANlFL8Jrg8gg1ZrlKjxQVxqTyN8Zg04eHr8=
last-modified: Mon, 22 Apr 2024 14:43:07 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZEYGwJre8DU1I69B%2B8X1QBFtpNuWharij5AaMH62cRmvlINeMwvbESaMe6KXu0TqnZLAXUs6rewMdygZCMcEQJ%2B%2Bb3mvv4CjiPbtdk6LqpmKs4dhryK3x7LeLIyxwrwSAA%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a05cce5faa59b8c-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: HgbMwWU7Nx3NeIg_tHjxaNPkWet64iylecT8lniOSEnXQoZTX8ygFg==

GET
H3 200 resources-webinar-ondemand-asrs-msps.jpg
fieldeffect.com/hubfs/ 85 KB
86 KB 83ms
82ms Image
image/webp 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fieldeffect.com/hubfs/resources-webinar-ondemand-asrs-msps.jpg

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

43c369fc28dd8cffd0a38ac8a3dbc8428c59cb13dee0bfa4bc6766f0461d84bc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-166715899454,P-8376691,FLS-ALL
age: 86315
x-amz-request-id: SP1M1NK1KFB621XY
x-amz-server-side-encryption: AES256
edge-cache-tag: F-166715899454,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="resources-webinar-ondemand-asrs-msps.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "bffabc475524cfee9610e78972c4279d"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1715112525443
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 21f03f5333352c6494e837ba1b3bb6ce.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 7pgU9DvYb8luQ_bAQo5gW7sJ9k_jmvX8
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=133886
x-cache: Miss from cloudfront
cache-tag: F-166715899454,P-8376691,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 86810
x-amz-id-2: r8qgyVow5AvZaNIX9VeMF10YBwwFoY1XYuBk5IAcO0TezXs9Rk6hoe3dV8mgdk8ncP9k2VJ/36k=
last-modified: Tue, 07 May 2024 20:11:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=crwp%2Bi9CSyZK%2FAs7%2Bdo7d66zXGDgrGkv3KYUHDrDOeGQZpqk550PSPp3EMwI9YGKPIizWSWRTFZ5Bgcad6k5hcA43gdb5Y3mXKZ8nlu0KqZGAkKl6xEmQP9dJnF7DqBchw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a05cce66b149b8c-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: qTRxD2yf6h0_Vm20S8W4Ddo8TKQnxp67PZdny5rLV9oVQWKQW0EciA==

GET
H3 200 FE-Video-Meet-Covalence-Cyber-Security-Made-Simple.jpg
fieldeffect.com/hubfs/ 49 KB
50 KB 1142ms
1140ms Image
image/webp 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fieldeffect.com/hubfs/FE-Video-Meet-Covalence-Cyber-Security-Made-Simple.jpg

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d705609a7da1575b4d4bb938000def4fc3f97dbb24716a424676bb2f18b1bd5e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-92086456201,FD-92195486795,P-8376691,FLS-ALL
age: 223745
x-amz-request-id: 7V2MPY4AHEY018XT
x-amz-server-side-encryption: AES256
edge-cache-tag: F-92086456201,FD-92195486795,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="FE-Video-Meet-Covalence-Cyber-Security-Made-Simple.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "f085c494f748a251692be488700b9bdf"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1668716560073
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 98845fbd1cb14abbe9d464a4caf17976.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: P8fxHT8.P2mSeIY855Rh.ws4zY0C6XW4
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=556593
x-cache: RefreshHit from cloudfront
cache-tag: F-92086456201,FD-92195486795,P-8376691,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 49742
x-amz-id-2: ZstIMrbORh1Z9Unru/NF4Hm6QYmzRY0KK+R/GJY2Ou8vKy3QyDB0LGQeHlf+K1Xj0RpTEfJ9TA2woc9JN3CwzrfOo+cJrD7Mne7ORYByZ2g=
last-modified: Wed, 22 May 2024 15:13:05 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pAwiF7HYIkJctfEpaOLmnt9k08fZMSrW7yESd3tgzXqaMx87oOLzGbVf2kWeht%2FY18jL4tNSGd6lAJaOx4UQmgjnIOqcr0vUgz7UaNp3USEdWRgVhRBsxAhNZlf9Caz0Tg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a05cce67b1e9b8c-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: g4xxyfAgFN9PXPSjJNVkTu8oNtVanNaoP43TW52y00TUjFiS_d3rXA==

GET
H3 200 FE-wordmark-light.svg
fieldeffect.com/hubfs/Field%20Effect%202024/Logos/ 2 KB
2 KB 101ms
99ms Image
image/svg+xml 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fieldeffect.com/hubfs/Field%20Effect%202024/Logos/FE-wordmark-light.svg

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

46cec6034070fe1797cd1b93c36c74a6b84676a2c9fb4a51b5bcb5f595dc8b27

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-168433707285,FD-166980893476,P-8376691,FLS-ALL
age: 1067893
x-amz-request-id: NHKP7HP343K1BWBS
x-amz-server-side-encryption: AES256
edge-cache-tag: F-168433707285,FD-166980893476,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
etag: W/"9367c74c7251ea19d0b30226201617c2"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1716585663255
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 88fd4dc311317996718ed4ed98e5cbda.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: _HtxgHckG4FsND0fTRbhefmRNvfbzfhC
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-168433707285,FD-166980893476,P-8376691,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 2lwQi5duCRpu8AQ/hP5pVecyuVNv7Vy/wqfXxlch24HqXN3q2Hg/dgjCC2wyhnbgH5Vq5Yu+aXsBTCi1OHbde0a+13tzMK5I
last-modified: Fri, 24 May 2024 21:21:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xms7QkfK%2B7kyOXbnV6ji0%2BtyWwRhwwhX8KxMkNtUcbGAB3kr%2F0gRmtoHWJ4SbVDFxadHTqPEc8E6hzTHNODmsaqyRWIdzKzQtaBFbi2UIejQFK%2Bp2IsjMNE6WcNaKq%2FZlA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a05cce67b209b8c-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: dNXVMqUbv13GiUI1ftAFusyB0mPlOl0nbybMGdFDxCg_CTtdCXwr_A==

GET
H3 200 tiny-slider.js Show response
cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.2/min/ 31 KB
12 KB 103ms
74ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.2/min/tiny-slider.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

080a485f94dee0e757572d6258ffb9faa1bf8876bef1aa5f60e15a81d54c4709

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 645214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 11404
last-modified: Mon, 04 May 2020 16:17:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ffd-7bfa"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pQayCJwOACLfYA5meI1Lt%2BC%2BSF4VMkiPyrJDfZDlgy%2FergKxhdOF4UFzt262rad8iB%2BS2eMWNq15wzUqFbv4X6FrXXxNGdh%2FS%2F7k8dV5EnrUmXtHWNgXgR7YgPJrZgLGaffusRogfEaAFujDlio4WIPP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a05cce69b079c10-FRA
expires: Sun, 29 Jun 2025 05:09:10 GMT

GET
H2 200 aos.js Show response
unpkg.com/aos@2.3.1/dist/ 14 KB
6 KB 37ms
33ms Script
application/javascript 2606:4700::6811:f9cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/aos@2.3.1/dist/aos.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:f9cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: gzip
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 10148944
last-modified: Thu, 17 May 2018 22:11:13 GMT
fly-request-id: 01HRWFHAF8SKKDG260QG5VXNSB-fra
server: cloudflare
etag: "379f-cNv9OKDx/DsafZ+tq1h4ZITDTxc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a05cce66fd44d6e-FRA

GET
H2 200 rellax.min.js Show response
cdn.jsdelivr.net/gh/dixonandmoe/rellax@master/ 7 KB
3 KB 102ms
36ms Script
application/javascript 2606:4700::6812:ba1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/dixonandmoe/rellax@master/rellax.min.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:ba1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb17fd6899c7a1c9e6ae282ada120324605202725d179347f8ea1ee49d8f1e22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 33281
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2437
x-served-by: cache-fra-etou8220057-FRA, cache-lga21957-LGA
x-jsd-version-type: branch
server: cloudflare
etag: W/"1b78-2puV9gXjrtjKT9dQ2O+aic40igc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6OXbL2M3eRORjIvAqdYNZaicqa%2BxEJflYmsL4K3BqXh7M%2BNStjGcXkcwIdyLLkTCgnc00LUlpEVP27aOnNGwSgXy25PPEv0NXdmECqCLVhpEmursJjLTldr0tIEDyuQzm9%2FfaNuJGcrAFuUk7Nw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a05cce6dc0971b2-FRA

GET
H2

200

lottie-player.js Show response
unpkg.com/@lottiefiles/lottie-player@2.0.4/dist/
Redirect Chain

https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js
https://unpkg.com/@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js

371 KB
137 KB

31ms
30ms

Script
application/javascript

2606:4700::6811:f9cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Server

2606:4700::6811:f9cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68b594d79a955d4237d365555d137be2842068c263d444f583556ee1f9a8cbc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: gzip
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 10157772
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HRW73W9E5N5JJGB816FPJ1CE-fra
server: cloudflare
etag: "5cd35-FL4z5R7jgfyHeGPFiEURHtF1scw"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a05cce6b8084d6e-FRA

Redirect headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01J2AY80C0Y55Y0PEVD6HQBZTF-fra
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 84
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 8a05cce66fd54d6e-FRA

GET
H3 200 ScrollMagic.min.js Show response
cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.7/ 17 KB
6 KB 80ms
52ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.7/ScrollMagic.min.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1598709
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5437
last-modified: Mon, 04 May 2020 16:04:02 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03cf2-4416"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JD5XVKgDLjfWwjIec%2F%2Frl49arwT6ntcbv4rb9k85CJNn7wpMCoURF98%2BvBt%2F3oXbikN%2FCl0STWRnYqmirC2lKNtviYaeAs7E2DCqKr9CxPf6yYL0bkA1CevJARVK1ViTDi53PitYj%2FMwrAFlxegpnQ9E"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a05cce69b039c10-FRA
expires: Sun, 29 Jun 2025 05:09:10 GMT

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.971/ 13 KB
5 KB 100ms
32ms Script
application/javascript 2606:4700::6811:b05b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.971/embed.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b05b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
x-amz-version-id: 1gm1MaaLzWiIBc2FerIVtLdckhSMSaY7
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 18fab39b23fb6b3013058d6df5faf0bc.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 327563
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 05 Jun 2024 15:05:39 GMT
server: cloudflare
etag: W/"26c40482b55a607cd44486a2958741d4"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ecP3Wv4mKDGm4MtWp%2B9hzXdysY8us63rmLjlaF1mErb2vCUHgfRo1MKYkoUh2Pd2HXXjZOeJNV3koJbNfcoeroZyMeBf4lkiar2NiTl0f1XmW0neKWJyjZ884loHr4hXLRFEsa7YwIqraRmnDHws8Jtvgac%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8a05cce6dbb6901e-FRA
x-amz-cf-id: lEGvwrTGJqZ2O6fxk0_3bnjSm4fK8__hUDVF23Uszs_fPcZWhCrfhQ==
expires: Wed, 09 Jul 2025 05:09:10 GMT

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 60ms
32ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 459782
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27938
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zg3ptP5xxHBjZAK2P7C7zhZJpMgVjsK7tTQNi1mpxbqE9V8g3o1wPejTjSsm1ap6jJ0Bc80P2eikbw3MN11bj1ipZFMhLKW7ZgBtY5sITn2bYf1zepwAmzhtcVMNFHeRtdJ%2FkaiuK7GNuP1FQTji2hB9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a05cce69b059c10-FRA
expires: Sun, 29 Jun 2025 05:09:10 GMT

GET
H3 200 jquery-migrate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/ 11 KB
4 KB 59ms
32ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.2/jquery-migrate.min.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 632940
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3718
last-modified: Wed, 18 Nov 2020 00:51:42 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5fb4701e-2c03"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nwwj7R3XIkXxMNLT6OUthFu%2F4Gn%2FRhaveNyDPcnUEDolnm7LKq5myN4xvWtDW5Ab9u1dmEtjEVwP8UVP8xntLZjDXZA73TWWPSrn829Jhenyj%2FbT2JEjk3Tp8P4oeT71tK4tZhUOrzYLOad95ay8Tdjd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a05cce69b029c10-FRA
expires: Sun, 29 Jun 2025 05:09:10 GMT

GET
H3 200 main.min.js Show response
fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799642/1716820036285/FES_Website/js/ 14 KB
5 KB 87ms
84ms Script
application/javascript 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799642/1716820036285/FES_Website/js/main.min.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ab69e4200ed8a63d29d0966e179af0cc027fcffa9db4853b3e30ba47683d6ec

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2661
x-amz-request-id: 3ME7BC9R77Z95V4J
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"975a9e853c8e2592d371178a66520832"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1716820036604
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: APNuT9O2ybR3hM46QiTrFNlBYh8tP2eP
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 37b45249-c049-4d90-8f0c-032a6e72eca9
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 159
alt-svc: h3=":443"; ma=86400
x-amz-id-2: bHGdb7dasQpps6XgtzwP+YkCX8arIt19wIoUi5EuJHUxRXUfPjPV18U0lYZ4I0VG/s+7rygntXS8VLc4jJvF6fzg+FAUXkO33xnJzymosTc=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 37b45249-c049-4d90-8f0c-032a6e72eca9
last-modified: Mon, 27 May 2024 14:27:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cfWb8To41bGmOKPY2V5cl0Mmrvmu%2BC5pvYPYshP4iLsHq2LowjrNjzEfqPwRlf%2BP3r2s86E%2FIpRbJHcW4chQzgDx0fRLMrbSUiCSDqvsh7ezU1ZPviM8ZziPVG54Adi1AA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 8a05cce67b179b8c-FRA
timing-allow-origin: fieldeffect.com
x-amz-cf-id: 9dqUxgpQ6jMxrgnE_hd3aPEE9rJLx_yL_ts5SCym_UNnshEvs_X-Cg==

GET
H3 200 module_88459799557_top-menu-section.min.js Show response
fieldeffect.com/hs-fs/hub/8376691/hub_generated/module_assets/88459799557/1666036659703/ 10 KB
4 KB 87ms
84ms Script
application/javascript 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hs-fs/hub/8376691/hub_generated/module_assets/88459799557/1666036659703/module_88459799557_top-menu-section.min.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a625dd8b7eeb924d21443f059763ceefe2def98d2eb2d502ad854fd28c0b8669

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2662
x-amz-request-id: 3MBVYCGE2HVKRBS8
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"533e27c4eeffe7977ba6dacf1ec0df77"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1666036659703
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: I7fy2XBe6jxawJrfa7vJD6xmT3pJh3Yi
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: e813863c-d25a-493f-b219-bcf2b5b6e0fd
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 155
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QQuDeTXllUEGeEnEr3MlQJovmW+lvDQDSz0r4u2l58U3rivafjO/cNzwGEemhrqdX7Y1wkL8Tsw8ISKf5UVcfmbLSXQr70m2
x-evy-trace-route-configuration: listener_https/all
x-request-id: e813863c-d25a-493f-b219-bcf2b5b6e0fd
last-modified: Mon, 17 Oct 2022 19:57:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mywl86fBYDbUIpksWsiOd%2F45A0ulw2wP5GulneMpBAFBeUD%2BOaMYQXRcH3EIoz%2FpIWt1nMKyAoEHEnG3YbosXIEra4bIKRBqR0bTIOxPU3DuQTxSucYTWUzaKGfzINfLMg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials: false
cf-ray: 8a05cce67b199b8c-FRA
timing-allow-origin: fieldeffect.com
x-amz-cf-id: YySFULrQwmhh_T5FxRcHAYTUjWUjWIhIMTClI5Mv--AI9mxgiQ4kcQ==

GET
H3 200 module_-2712622_Site_Search_Input.min.js Show response
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1720472847987/ 4 KB
2 KB 49ms
48ms Script
application/javascript 2606:4700::6812:593e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1720472847987/module_-2712622_Site_Search_Input.min.js
Requested by: Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:593e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 863886e2347be57cf71d7ed3fc614593e94bbce61858cd8c0761ba7a78d2ace4

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: br
age: 28735
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f9134a973469f840bf03f740af92c65f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1720472847987
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: cb113db7-8a8a-4af7-9e6d-9e770024a6b8
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 122
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: cb113db7-8a8a-4af7-9e6d-9e770024a6b8
last-modified: Mon, 08 Jul 2024 21:07:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y1EhfudZ9X52GZDShJz6VsD8734pK5k%2BLAPyToKcp18BCwOPl31Ug9FfP5uMy9jHYNnO8Mi%2BdYINWSxVJ7EsvDbKnNLT%2Bt0R0pcGkct77fJ5XebhVlgJa7TQrhK7fIm6h9QHWuMrW9jAznIYKto%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-7bc58b7fb6-g67cx
cf-ray: 8a05cce66aac39c7-FRA

GET
H3 200 module_88459799360_menu-section.min.js Show response
fieldeffect.com/hs-fs/hub/8376691/hub_generated/module_assets/88459799360/1666036642414/ 10 KB
4 KB 100ms
98ms Script
application/javascript 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hs-fs/hub/8376691/hub_generated/module_assets/88459799360/1666036642414/module_88459799360_menu-section.min.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7f0b3e94e955c82b7bce15572d9b6a75ccd1e01f8ad8b56dee077885d2277cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1762
x-amz-request-id: 3MBGNXM3ZGYPM2A3
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"a0bb309228977332b7973c8f6f8c13c2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1666036642414
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KnEBjzDSH5LR72vgWae5xrD6qgaVIE6e
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 8587d8ff-d822-4a4c-bcd2-9b2b80cf91e7
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 164
alt-svc: h3=":443"; ma=86400
x-amz-id-2: vZMygqDUq7WqcgX1IJAAOrnXsXmlAYXLpr4GsTW/Y3Z8+zQOGDIxGIzNureiTc9WrlVB3nsyqkE=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 8587d8ff-d822-4a4c-bcd2-9b2b80cf91e7
last-modified: Mon, 17 Oct 2022 19:57:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eqXGbuRPEr8kAEuDvOXH%2FOm6VMItQqZLGrTRmUyE9vu9jnDiAGrScSiaFBRpFdbJoCPKfUs0kWYyZMjRjkLGhtdw0kv0I1yl81lk2%2Fx%2Bsb96oRI6j1VlEKT%2Bw6aE8qOm2g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials: false
cf-ray: 8a05cce67b1a9b8c-FRA
timing-allow-origin: fieldeffect.com
x-amz-cf-id: q_vDlhqjFXBQY12UdxQ-0OBD6rDk4gHTLcu3vo_bmRhkQxjOYJt3gw==

GET
H3 200 module_88459798634_button-menu-section.min.js Show response
fieldeffect.com/hs-fs/hub/8376691/hub_generated/module_assets/88459798634/1666036562634/ 10 KB
4 KB 101ms
99ms Script
application/javascript 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hs-fs/hub/8376691/hub_generated/module_assets/88459798634/1666036562634/module_88459798634_button-menu-section.min.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

50f99b82ed6cf98e786f43421f67d8aaa99a83323a0a9cc27b772f0e6fff5643

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1762
x-amz-request-id: 7BVWTAH159Z38SDD
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"c73093d3fda7724a4f17058e0afc5088"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1666036562635
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 7dc4818c830423900ae855831181d2b8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PqkzSAZGv_4nblLKFkTG6pGRQWLcvYz6
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: af49eb1a-2268-419f-b4fb-1fdb948dc4a0
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 169
alt-svc: h3=":443"; ma=86400
x-amz-id-2: lOoUGQ6XyjBuIk0AfXGaVI+IAhhoCHMW5JxghGVMqQUANQiI0KyTxY79HaPKa7qkm46EXW+0xSo=
x-evy-trace-route-configuration: listener_https/all
x-request-id: af49eb1a-2268-419f-b4fb-1fdb948dc4a0
last-modified: Mon, 17 Oct 2022 19:56:03 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N06kT3W5bePdjjXhFk9dsmzCpfESqXgreI%2Fxf7G3924qZdX97O%2FeXQr%2FuOVK2BvZMGwbP%2F%2FeV95SG%2F4SSCHXA1nNR9%2FBk2pWc3XDkFjkCBgNZDUa5nIV9ImGQ4gNhvo%2BOw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials: false
cf-ray: 8a05cce67b1d9b8c-FRA
timing-allow-origin: fieldeffect.com
x-amz-cf-id: JvgFZjFDNImVgM7v4I_9i2fysSiPM2OSn8AmRLgCa3PE00lQ3fZ64A==

GET
H3 200 8376691.js Show response
fieldeffect.com/hs/scriptloader/ 2 KB
2 KB 163ms
162ms Script
application/javascript 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hs/scriptloader/8376691.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c0260156c38097010d0872cf2f3399b2f91435e18d9ea6b4fc2ffddb2ff8475

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9bd499d3-3602-48c3-b85b-907663cc84e7
content-security-policy: upgrade-insecure-requests
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 656
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9bd499d3-3602-48c3-b85b-907663cc84e7
last-modified: Tue, 09 Jul 2024 04:56:31 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://fieldeffect.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-94hvq
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ci6OSOp1g%2F61wmEHbqCC7ZjnhGDTYhFfOmLEnjSWZ6BqYnRsR36Zy%2BpG21sTNlVHPlu7Dhesi3c93VLFPaqjjZC3pwn%2BFVaKTEwKx4D6fEoFUxKGvRYnZqFQ%2BaKXz5aWHw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a05cce67b219b8c-FRA
expires: Tue, 09 Jul 2024 05:10:40 GMT

GET
H3 200 index.js Show response
fieldeffect.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/ 12 KB
5 KB 107ms
106ms Script
application/javascript 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: gzip
via: 1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 9550531
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
content-security-policy: upgrade-insecure-requests
x-cache: Hit from cloudfront
x-amz-version-id: 1rlxLpliQ7bEVIEMqiesE48_Sx9RmqkP
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 15:59:57 GMT
server: cloudflare
etag: W/"5885ac5129ee80f8b7e1e228e142587d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UE9N%2F%2BjV9EltybkJR3TEKIcZpoyxj0BAva9FEtUtwmQyRR52%2B8bs7wJnTkFppWkyGZx%2BwZ%2FacgffxP%2FjQgUC07z6kk2zDuyfqHaEl9AQL4NBYxBZZAPWlURhk45ymbQ5eg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8a05cce67b229b8c-FRA
x-amz-cf-id: LBGxxkuxmXbhcFaI-NR3fKwzXfE0BgYFZAIA9oCaZx8Z6HSTKhi43g==
expires: Wed, 09 Jul 2025 05:09:10 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 297 KB
102 KB 122ms
54ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K9PNFH2

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

407e49aad6318500c6ba945728009ef398b07832777d9828bf7fe8bf2720a101

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104331
x-xss-protection: 0
last-modified: Tue, 09 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Jul 2024 05:09:10 GMT

GET
DATA 200
OK truncated
/ 304 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3690977a35c191d7d7f4760508961892c5bf9770268a383c8117b24184038be6

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 304 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 74ba745782c52cdc05aaca40f5b5c028885862e7cc0c1cba55b816494922ed65

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 FE-Blog-BG-1.jpg
fieldeffect.com/hubfs/Field%20Effect%202024/Banners/ 104 KB
106 KB 98ms
98ms Image
image/webp 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fieldeffect.com/hubfs/Field%20Effect%202024/Banners/FE-Blog-BG-1.jpg

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

60d1213a81cce1bd06e43d798d2b64cc8eb3ac1dc7c787e4d5f886286b57216c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-168602650389,FD-166832402177,P-8376691,FLS-ALL
age: 159109
x-amz-request-id: 9JVF5VRFJV21EWVM
x-amz-server-side-encryption: AES256
edge-cache-tag: F-168602650389,FD-166832402177,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="FE-Blog-BG-1.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "09e1f23835b7b6cc1f13f0e6658b21bf"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1716836527711
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 bf415345f613bc6a5ba7145bfc7b8da8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 3euXBvLNOe.zeqnW6o.kz5CmWvucvjR0
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=299708
x-cache: RefreshHit from cloudfront
cache-tag: F-168602650389,FD-166832402177,P-8376691,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 106746
x-amz-id-2: grGgBaGDg0dOKUTX+v47NOqgOOraFy9wQ+m5d2etLkG9kWzfmpk0EH87SKl58/+I3aT7vvdpEH8=
last-modified: Fri, 28 Jun 2024 15:27:36 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nsz8kd2usZBtzazZqARqkWmYNHnJKDwQu1fq8cd%2BL1jJ5Uox2adwBu5DmyzHkLZpITNZTWoOdhyRiozXlYYDeCaGUDaEtvblvwsj7ha%2Btix19TWhXbpo4gn%2FXjO8fO6zhw%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a05cce67b289b8c-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: h5l1m3jvb3oJhg3FDlCYdH7pxbZQsCNTF2sYr_5Hzp1OCOgAswqYag==

GET
H3 200 AzoSans-Regular.woff
get.fieldeffect.com/hubfs/Field%20Effect/Font/ 26 KB
27 KB 308ms
81ms Font
application/font-woff 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://get.fieldeffect.com/hubfs/Field%20Effect/Font/AzoSans-Regular.woff

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799630/1716844093298/FES_Website/css/main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

04161e486133cc920594f0db34c671cf8fccb2f77c52ae370c5cfdd9cddbb8ec

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://fieldeffect.com/
Origin: https://fieldeffect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-50064378765,FD-46542404122,P-8376691,FLS-ALL
age: 548430
x-amz-request-id: 162P1ZCYPXFMYM7Q
x-amz-server-side-encryption: AES256
edge-cache-tag: F-50064378765,FD-46542404122,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"99d17097c4be09f8a62c3e806f91278b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1625255208349
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 99a0678067c9afa5ffc6dde34b960d40.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: kW2Bs0SITeCL6Eyjwjv7i2tUAy8o4ZVs
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-50064378765,FD-46542404122,P-8376691,FLS-ALL
x-amz-meta-index-tag: none
alt-svc: h3=":443"; ma=86400
x-amz-id-2: rnrE82fITDY5JqUcGhSoR7R8K9/yqQCZsBZyGNiptp707cCzFiLEHHohLiKOlEVHhikJ+OBX5H0=
last-modified: Fri, 02 Jul 2021 19:48:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SbHliWcW008kuQb%2BWMKevozKUwN4hZfh%2Bhn3MIiW0FeGMw15OcQt%2F%2FPFLiD4biisL6AQmHn%2FTcFbR8HWpbOba4FJrJyUP%2Bq8i8zLEdicPy730mr1M481nTSl4LRyme%2B5E%2FzIQBHDgw6mNi0LAXKMtZk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a05cce81cb49066-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: pBPUoxfrHCU7eUzTBkPh4DojW1FFcix9H1Le6r8LqrSDPIc-5vGZzQ==

GET
H3 200 Aventa-Bold.woff
get.fieldeffect.com/hubfs/Field%20Effect/Font/Aventa/ 31 KB
33 KB 329ms
102ms Font
application/font-woff 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://get.fieldeffect.com/hubfs/Field%20Effect/Font/Aventa/Aventa-Bold.woff

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799630/1716844093298/FES_Website/css/main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a04b3fb2da61d25730381475b77301c784794c854e38eb43f7154a91cc86344e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://fieldeffect.com/
Origin: https://fieldeffect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-121916573505,FD-121932238970,P-8376691,FLS-ALL
age: 1070201
x-amz-request-id: 0QPW6F9G0S4CT6K1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-121916573505,FD-121932238970,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3cbfcb1d87e28b58ff88c3b67f5ea83a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1687463255095
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 4f2a14569b371893f3851a804b6ae8dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: kgIW1RnxPVo6a63CSGHz8JO4JURErif5
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-121916573505,FD-121932238970,P-8376691,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: p/VRHUmUBpzfHjjVCeraWFQ33esDSAiozR6dsDdFm2wkt15/gGCCQ5RbkgwGW8KVUGEZtMLs+/U=
last-modified: Thu, 22 Jun 2023 19:47:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LxlOu6Ef0hGrlTg8FeFm41a1VNZXjeWp2BNkZj19xzCAOutr0FIZl5kMciRCplsPYPQhLc8I%2BYZ1CXgk%2FluxIvlEDvLe8O3Q3JwB3Xg9nmyNB8rFROrGtSieL7qQfTJnQwpvnPQ74W6qRgnnaoNkwM8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a05cce81cb69066-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: M9i_dcpIFigwKWNYy5pXvfOcr9583BXPpx8vvp1tPAQOABL-yzyQVg==

GET
H3 200 AkkuratMonoLLWeb-Bold.woff2
get.fieldeffect.com/hubfs/Field%20Effect/Font/ 35 KB
37 KB 350ms
123ms Font
application/font-woff2 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://get.fieldeffect.com/hubfs/Field%20Effect/Font/AkkuratMonoLLWeb-Bold.woff2

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799630/1716844093298/FES_Website/css/main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

547e6b7bb1236db2f1b7c783bfde93fb5b739d25a3b2667d786c84536f62751b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://fieldeffect.com/
Origin: https://fieldeffect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-75537359981,FD-46542404122,P-8376691,FLS-ALL
age: 1061252
x-amz-request-id: MPV2CG3BST4T7C3H
x-amz-server-side-encryption: AES256
edge-cache-tag: F-75537359981,FD-46542404122,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "419cfb3c55f67063ffbe8e7044e184b1"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1654549102379
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 e7901684d85170d527aec3a64956def6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: v3demP6FhkYT8u4FjspJWePCo6D5NIuA
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-75537359981,FD-46542404122,P-8376691,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 36061
x-amz-id-2: xhlJ3hCIGLpmlrqgf5DrJ3y8wNSHF0RD+XvNRli47l8sapS7c+m6laOdqwpNE/3/fYeP3MgViiutFGR3e9LslqHnQZzlsy0JYzodw66vYyQ=
last-modified: Mon, 06 Jun 2022 20:58:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V4VsoGlHTQxK816e2Vb3D5bdllkGnnCPiD733Ocpiy3MQBk7eVALIZw0XOMSsY5wijk7CGx%2ByHoGs3B7pCYZzdB6nRoy9t7e7zqTYpmeh%2FGKU6T81avk935wJPpdC71jgjd0pVTKhLK%2BVkmYWfsq7L8%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a05cce81cba9066-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: b9mitgyIXeBRhfeXDfToyD150jbMA7ckwOWXGuGpOK5hc0AU1lJaLw==

GET
H3 200 AzoSans-Medium.woff
get.fieldeffect.com/hubfs/Field%20Effect/Font/ 26 KB
27 KB 349ms
123ms Font
application/font-woff 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://get.fieldeffect.com/hubfs/Field%20Effect/Font/AzoSans-Medium.woff

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799630/1716844093298/FES_Website/css/main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4d54be775dcbe5b184f6bc4793d5e1c7108c126cbff61996208f0d95e8ca162

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://fieldeffect.com/
Origin: https://fieldeffect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-50065305704,FD-46542404122,P-8376691,FLS-ALL
age: 1067855
x-amz-request-id: 0QPRA23F360JXP7H
x-amz-server-side-encryption: AES256
edge-cache-tag: F-50065305704,FD-46542404122,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"0ea6f6946958683f47a5a676bd5a884b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1625255208042
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 88fd4dc311317996718ed4ed98e5cbda.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YRrdcP7xyx2feq4OwBZjkuvWxUc6F_aO
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-50065305704,FD-46542404122,P-8376691,FLS-ALL
x-amz-meta-index-tag: none
alt-svc: h3=":443"; ma=86400
x-amz-id-2: u+FUStmxuDYJBmf/OsmgyOkQjxl9SasHmZv5X4Cas2PMsWDhrZsaWw18KPOquApkYTZOJpp/5NbZ8liIC1boEA==
last-modified: Fri, 02 Jul 2021 19:47:07 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0B%2BAvy2mcgSiybPE5dj85z3V%2FI7ErsSeWHypTDEOf02CFe092fMgmY2K2Rhwo6Vg5Er1wphXUHkquGmgX8RTAZ5wUMdJCrt4uAiGfAediBkaRmlIItL7CZwescPqLcwWn%2B9qezPcjDar0Wb%2FlPPnaZk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a05cce81cb99066-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: j7ljUZlcYfGO8ek-h87SfWjHGzMgubYzqth4GepAfqo7JrRAVJ55hA==

GET
H3 200 AzoSans-Italic.woff
get.fieldeffect.com/hubfs/Field%20Effect/Font/ 26 KB
27 KB 287ms
60ms Font
application/font-woff 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://get.fieldeffect.com/hubfs/Field%20Effect/Font/AzoSans-Italic.woff

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/hs-fs/hub/8376691/hub_generated/template_assets/88459799630/1716844093298/FES_Website/css/main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f66067e2a27bb43ee565e99e2443c730566de52f3f9620bfaf8a2256802aec3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://fieldeffect.com/
Origin: https://fieldeffect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-50065269867,FD-46542404122,P-8376691,FLS-ALL
age: 1056985
x-amz-request-id: MPV9PFZNSKBJ2W4M
x-amz-server-side-encryption: AES256
edge-cache-tag: F-50065269867,FD-46542404122,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"55198f8ae48b0123cd8c3be083edb121"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1625255207238
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 8da78542dac6b4328eb443200c30bbfe.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 2mHXePRo6k7JsPwTdvwdbqK10JitCPhB
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-50065269867,FD-46542404122,P-8376691,FLS-ALL
x-amz-meta-index-tag: none
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MKkPV7y3kvwkyTZQN5rf4BLgtbLiHIqPvJcqix96DnqIWPRYJhpszlgqcZE2XxLPcw21oaVyvjI=
last-modified: Fri, 02 Jul 2021 19:48:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0wMmkOdwk2WdeRkWPgocnybtwVuTY1goOPZY0Oy2hckjDu8Dr8OuS5MxBRC7PqZOYYTPBncLEATpdzd1RWy2uZNZHJxuASHdd1WLbnD6%2Fd3G9uVuNpIDMe6O9MXZ2cojbdpsm2JzzF1OArBIOeRkT3s%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a05cce81cb79066-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: NIkAxtRe_uTShZIQAeFnpU_7jFsoay13kcCXmZTr8u4eoAl43ZiHbg==

GET
H3 200 axios%20website.png
fieldeffect.com/hs-fs/hubfs/ 57 KB
58 KB 69ms
69ms Image
image/webp 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fieldeffect.com/hs-fs/hubfs/axios%20website.png?width=1912&height=1106&name=axios%20website.png

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0771d9c32e20a214df47dad110ac08814699b20fb7985ff037c5cdf4dbab71c9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 b08e1d433d62b5ab056680968a8cc7ea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-172208709515,P-8376691,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 58644
cf-resized: internal=ok/h q=0 n=17+96 c=0+0 v=2024.6.0 l=58644
last-modified: Fri, 05 Jul 2024 17:47:10 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cf3-Wi3d3XkQo-W9isg--CkObnsSHJDvd5wP6GAa7rDQ:7285c2c9daecc70cfd13f988c2429f40"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AruerRdFlsACg8rpv0PfD14t1IippdwuakOjGGqkDR9hUGzuffWVgiLaVoKNGmVxyYiJp9hjBDq%2BA2%2F%2FHdJtzZFW9rh9rjtrg%2BsEXF4R0%2FAUfZ93QCK85ge9mv82FJssDg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8a05cce6bb519b8c-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 json Show response
fieldeffect.com/_hcms/forms/embed/v3/form/8376691/d66f1360-3bc5-4948-9a84-a469b0298fe7/ 8 KB
4 KB 172ms
172ms XHR
application/json 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/_hcms/forms/embed/v3/form/8376691/d66f1360-3bc5-4948-9a84-a469b0298fe7/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

398e07031797441bf4d98bb6d279a51ed2c89ed1edb24746413d4e83475adfeb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-origin-hublet: na1
date: Tue, 09 Jul 2024 05:09:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b1c30ee4-2415-4d1c-8a1e-fa7e53315398
content-security-policy: upgrade-insecure-requests
x-envoy-upstream-service-time: 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b1c30ee4-2415-4d1c-8a1e-fa7e53315398
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-fr5m6
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DSqfqsVb2oEvGKyNgjJMY0VZSFHbOUURYU22pAUgI58BOfzWNs3Rl5EMKWPm5MkREMLeKWUTZoFSFacoeYwe1%2FIwic3Ayh8q2t%2B7Fm8rdQVKd3SfkMRMM3yH0aQ2Oh3YVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a05cce7dc5d9b8c-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
4 KB 80ms
24ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3f7fef0f9eb9a243d5f0624cb7b21e214456b086a73a913238c756c010f6fd20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 09 Jul 2024 05:09:11 GMT
content-md5: 11oElq+naGSFDUEd4phVEg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=12, mss=1328, tbw=2812, tp=-1, tpl=-1, uplat=1, ullat=-1
x-fb-debug: OYVYCcF66E6UHQxT9DPaM4Lrau47gT3Hugh8HGSoG7xB45zMIFMdIRBCbzUc2lpHX2ZUu58GlmcXZxYudPBPkQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 0d50518c4c66dadeb40c13a30c09538c
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "700a809e3c1a5f10de0eed98990744e5"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Tue, 09 Jul 2024 05:18:13 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 111ms
22ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6760) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Tue, 09 Jul 2024 05:09:11 GMT
Content-Encoding: gzip
Age: 1051
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/6760)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 8376691.js Show response
js.hs-banner.com/ 62 KB
19 KB 401ms
333ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/8376691.js
Requested by: Host: fieldeffect.com
URL: https://fieldeffect.com/hs/scriptloader/8376691.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb9b5ee0aadf6649018956ebe3b18bddbcff0e7a41c9dedadf1e9dbe5498a5e0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
x-amz-version-id: 8LNx8cQ1zMwXa9DQG4pdvT4Mh6IOCkkA
content-encoding: gzip
cf-cache-status: REVALIDATED
x-amz-request-id: C286FNKSS05TWPH3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 9fe52797-e9e2-4c5b-8ab5-e9fb86348ca4
x-envoy-upstream-service-time: 20
x-amz-id-2: iRYEfuACsbfgpusbKTLgduK6vr0/FCNA43e167+O08W3WlB2gYmjm2qksyceZY42x6bo8TgvE41OaxhaqNXThMojuADOqLrn
x-evy-trace-listener: listener_https
x-request-id: 9fe52797-e9e2-4c5b-8ab5-e9fb86348ca4
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 29 Mar 2024 16:34:50 GMT
server: cloudflare
etag: W/"71acb33229deb56658913c39a4f7e295"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://fieldeffect.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-647fb
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8a05cce85ef96937-FRA
expires: Tue, 09 Jul 2024 05:14:11 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 85 KB
24 KB 101ms
34ms Script
application/javascript 2606:4700::6810:4c8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/hs/scriptloader/8376691.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4c8e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

753b5d77684b20581dddd43b3a944bca93a44da9e6dee0c8232ca6ed8a40ead5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
x-amz-version-id: yFTRQFC1g6ZpuTIoktepwBCyrzt6F_8h
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 104
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.16706/bundles/project.js&cfRay=8a05ca5e2b234dba-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: d2630605-dfd5-40d8-a29c-a5d5ab4e2593
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d2630605-dfd5-40d8-a29c-a5d5ab4e2593
last-modified: Fri, 21 Jun 2024 14:34:54 UTC
server: cloudflare
etag: W/"d5ed42fdc505d7812288ee600abec355"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-jxxbv
cf-ray: 8a05cce85ab69042-FRA
x-amz-cf-id: ITcWiCLRStyz7vGvS6K3WIU1DuGBcmTazhQHyCBA499BODOV6xlksA==
x-hs-target-asset: conversations-embed/static-1.16706/bundles/project.js

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 82 KB
24 KB 206ms
144ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/hs/scriptloader/8376691.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab1fca31f7e7a89c198881e69c42c6bb3578b7d55f2cee7463b96360feaf7eaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Origin: https://fieldeffect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1194/bundles/project.js&cfRay=8a05cce84d28a022-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"50f2e99c1f025777ca05bdae3cfcf91d"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.1194/bundles/project.js
date: Tue, 09 Jul 2024 05:09:11 GMT
x-amz-version-id: MDb_7hFyElKIrRJmReYAEj96Es7nef4a
x-content-type-options: nosniff
cf-cache-status: EXPIRED
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 7526339f-213b-4d2e-924b-2a162b5440b6
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 10
x-evy-trace-route-configuration: listener_https/all
x-request-id: 7526339f-213b-4d2e-924b-2a162b5440b6
last-modified: Thu, 20 Jun 2024 14:37:30 UTC
server: cloudflare
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y6QHyrn%2FzgmFjL6aq%2BxWopxN4qE9PdwR0M1fQYPjIk%2Fe%2BDCMerWtt9JYvsjvsj8TgZZTjR7mzsbDjrU3e1u%2Ba4mj1mAb%2B9F7u0OiP0zm0y6wwXLfDucdoCa%2F%2BQds3Dt8y3hjIwjXisnI8IU2"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-csnpm
cf-ray: 8a05cce84d28a022-FRA
x-amz-cf-id: eFJgJWLvvKi2lWqQkvv08tTfWMKRLMphsABn3zLjHo-ZVxDOhBkmcw==

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 98ms
35ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/hs/scriptloader/8376691.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c114a5641b9988aecb7a00c47bd1d37d912883ff4ef9c3b9fe6ad21603ab1066

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
x-amz-version-id: 7Zz_oLsqoY3yHsxt9nM5YRwsj1MKwqFV
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 f01dafb3bec9893b47152910d47900a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 535
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.565/bundles/pixels-release.js&cfRay=8a05bfdb28d35d70-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 2ddef77c-3aba-4f8d-b25a-e89604711f5a
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2ddef77c-3aba-4f8d-b25a-e89604711f5a
last-modified: Tue, 18 Jun 2024 12:46:30 UTC
server: cloudflare
etag: W/"b233ea75981268a81228cd819e8fd5eb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-csnpm
cf-ray: 8a05cce84da55d73-FRA
x-amz-cf-id: BJgK_FszPsFq7VPeBeeq_sGsJqAKoaoNHT7xSfTucq4vvmG8QmxpzA==
x-hs-target-asset: adsscriptloaderstatic/static-1.565/bundles/pixels-release.js

GET
H2 200 8376691.js Show response
js.hs-analytics.net/analytics/1720501500000/ 68 KB
24 KB 210ms
150ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1720501500000/8376691.js
Requested by: Host: fieldeffect.com
URL: https://fieldeffect.com/hs/scriptloader/8376691.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ee4d72cfa92d6e177c2b50e36c23bf887bb5ee4e7c503e275eaeec023292518

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: FS653TG3R47363M8
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: e2a0d3c8-a45c-4285-a012-0241efd44f4b
x-envoy-upstream-service-time: 25
x-amz-id-2: tERjqOaLt1pvsArcL1S/NNfEWT/YiLayC6w3kMdNrX3u06Wj4/TmR/W2H1ZxwSAZYMr4rLqz7Zuo50/VCyLN5tthsBddCIG25TF8nkGU/hs=
x-evy-trace-listener: listener_https
x-request-id: e2a0d3c8-a45c-4285-a012-0241efd44f4b
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 21 Jun 2024 21:15:16 GMT
server: cloudflare
etag: W/"8e0d171b2687fb40b11bf6bb4f11bfc1"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-w85d2
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8a05cce84978973d-FRA
expires: Tue, 09 Jul 2024 05:14:11 GMT

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 254ms
193ms XHR
text/plain 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=8376691

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8726f273-20c2-4764-8ca3-6313a6097a77
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8a05cce84a798f31&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 8726f273-20c2-4764-8ca3-6313a6097a77
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin: https://fieldeffect.com
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-65f7f7c749-kt4hg
cache-control: max-age=0
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 8a05cce84a798f31-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 300 KB
101 KB 56ms
54ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0ENCPYR9WR&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9PNFH2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4558ceef5eb47f7548acb78c26f29d48a4e5424d5797e3a636f157904a324d17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 103337
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 09 Jul 2024 05:09:11 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 329 KB
106 KB 79ms
79ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7GMNMPVH3D&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9PNFH2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

88edb9eacd4acd1da8317a7d0b42102b306cbaf845dee134b1b8ae301c07fda6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 108280
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 09 Jul 2024 05:09:11 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 84ms
22ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9PNFH2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 09 Jul 2024 03:41:01 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 5290
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 09 Jul 2024 05:41:01 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 38 KB
14 KB 97ms
24ms Script
application/javascript 2a02:26f0:480:15::213:7e4a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9PNFH2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:15::213:7e4a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 Jun 2024 16:46:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=38494
accept-ranges: bytes
content-length: 14004

GET
H2 200 h5hm262szw Show response
www.clarity.ms/tag/ 688 B
1 KB 276ms
169ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/h5hm262szw?ref=gtm
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K9PNFH2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: c7592ffb4f9f7fe5c31c307e1325ed498e6ba3fface6c47bef29c2742e835bc3

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: -1
date: Tue, 09 Jul 2024 05:09:11 GMT
x-azure-ref: 20240709T050911Z-17c86fbf54dsjtt2ff5at8zb3s00000001200000000035uz
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 688
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 222 KB
58 KB 23ms
22ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

63bae03aa97278acb1d6f7863e593999bbdc5d280d2fa5a3050f234ce5eee850

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 09 Jul 2024 05:09:11 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58293
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=12, mss=1328, tbw=6605, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: v1EV3KQk6I8iSVh82uyutE7MCXq0Kuma3N1pBGiOWSnmQFxnJWR0sIZ9+o4nsDV4UoLNgNJqDVZ4JeNelhDdUA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 116ms
34ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-etou8220152-FRA

GET
H2 200 1009461.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
2 KB 168ms
106ms Script
text/javascript 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1009461.js?p=https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb9e0125248670801eaca7518e5a90b2227b0842510a248c5824b2ccab00c59

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
content-disposition: inline
x-xss-protection: 0
referrer-policy: no-referrer
server: cloudflare
cross-origin-opener-policy: same-origin
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
origin-agent-cluster: ?1
cf-ray: 8a05cce8e9a503a6-FRA

GET
H/1.1 200
OK tag.js Show response
abm-tracking.demandscience.com/ 2 KB
2 KB 585ms
190ms Script
application/javascript 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/tag.js
Requested by: Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Tue, 09 Jul 2024 05:09:11 GMT
Last-Modified: Thu, 09 May 2024 12:00:49 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"82b-18f5d3a3d78"
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2091

GET
H2 200 6si.min.js Show response
j.6sc.co/ 66 KB
18 KB 117ms
22ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

74dcc1eb2c6f66c23a2fcafd5aeeae1bc9f6570346cd243ba075a4f5ba130dc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 14 Jun 2024 00:42:44 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "666b9204-1099c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 18327
expires: Tue, 09 Jul 2024 05:09:11 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_GB/ 299 KB
86 KB 48ms
23ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=c4483ecc581d0f3bfe698c0c7dc71edb

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8a120f192756fe1c031a5f91ddce5468fdf85f82d49ae97d013184d2527f192c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Origin: https://fieldeffect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 09 Jul 2024 05:09:11 GMT
content-md5: eded1u8v2pPYZlg0OASFIw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87609
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=23, mss=1232, tbw=4321, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug: H6lv6ehjt/2VlXXYVOJ9N00nL6TD8GtBwuXsrYWkL4aepbV0HvQxRefZPpT75YSh2eKOphwd4lLBeBNHL0C1ug==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: c1740576509a95bea3f9d4096f3183cf
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "ba6f4f2a73e1592d5b49d9d837126765"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Wed, 09 Jul 2025 04:39:53 GMT

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 1D4D 0
0 84ms
22ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Ffieldeffect.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 9159420
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Tue, 09 Jul 2024 05:09:11 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BA)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H3 200 widget Show response
fieldeffect.com/_hcms/livechat/ 331 B
1 KB 169ms
169ms XHR
application/json 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/_hcms/livechat/widget?portalId=8376691&conversations-embed=static-1.16706&mobile=false&messagesUtk=95e86ace691b42ae86f26ce59b71dcf9&traceId=95e86ace691b42ae86f26ce59b71dcf9

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

251bc4dac068150964b18443047be6b42cfc980b3c0ca8343703d30222db9c7b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
X-HubSpot-Messages-Uri: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign#6e2eyj9
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 74f83f95-16d3-46a1-b4dd-b55a8c23dbc8
x-envoy-upstream-service-time: 7
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 74f83f95-16d3-46a1-b4dd-b55a8c23dbc8
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-7dd59b876-t97p5
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J8LlO22KnOmnxDQ6jP8ePCz17kajlOssMENrkbZLlKQASCerRF003olSFN5Y8O4S728OGhAlZ5EHW%2BrVzwKlAiIwICrr0L%2Fkam1yXMmpSBO%2BopJUeVuZaJJcfPOVHdlr7w%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8a05cce8cd4f9b8c-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 1291944001010143 Show response
connect.facebook.net/signals/config/ 72 KB
15 KB 93ms
92ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1291944001010143?v=2.9.160&r=stable&domain=fieldeffect.com&hme=733c3732ec767f7a62e7787aff967e6d19b1e13e533937876f2e15efe07bf678&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C175%2C171%2C172%2C174%2C28%2C94%2C50%2C73%2C173%2C155%2C158%2C168%2C169%2C176%2C122%2C39%2C33%2C134%2C14%2C48%2C181%2C180%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e0dd134369437980e757ce931cfbbeca66ba8216e801dc31cc4914bca1e5b247

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 09 Jul 2024 05:09:11 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=69, mss=1328, tbw=65985, tp=-1, tpl=-1, uplat=70, ullat=0
pragma: public
x-fb-debug: iXdM9+72aC7MIBP/sE5J/6PpwrELWtAPYvIkduTsBEVV9bhtMP/MHpsPA1jHyNObe2amVvOc4Je1SX2TeE21Nw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
883 B 163ms
126ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d752f933-ded0-47da-a852-43873994cda7
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d752f933-ded0-47da-a852-43873994cda7
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-jxrsm
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8a05cce96a396ae0-FRA

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 87ms
29ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-0ENCPYR9WR&gtm=45je4730v889260120z8889260465za200zb889260465&_p=1720501750601&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=1044039503.1720501751&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1720501751&sct=1&seg=0&dl=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign&dt=Field%20Effect%20discovers%20M365%20adversary-in-the-middle%20campaign&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=887&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0ENCPYR9WR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fieldeffect.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
208 B 34ms
31ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=63051732&t=pageview&_s=1&dl=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign&ul=de-de&de=UTF-8&dt=Field%20Effect%20discovers%20M365%20adversary-in-the-middle%20campaign&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=205894071&gjid=1240954508&cid=1044039503.1720501751&tid=UA-90332558-1&_gid=1551595560.1720501751&_r=1&_slc=1&gtm=45He4730n81K9PNFH2v889260465za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&npa=1&z=1244633036

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fieldeffect.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1 KB 83ms
33ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_70dd42d2_5a1a_41ef_a063_80e7c5cf5f2f&render=explicit&hl=en

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f001992caedc1d614ce3526a993abecffc597ee0a1483221a56aac3c36b60f40

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 09 Jul 2024 05:09:11 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 43ms
28ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-7GMNMPVH3D&gtm=45je4730v870896825z8889260465za200zb889260465&_p=1720501750601&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250752&cid=1044039503.1720501751&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1720501751&sct=1&seg=0&dl=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign&dt=Field%20Effect%20discovers%20M365%20adversary-in-the-middle%20campaign&en=page_view&_fv=1&_ss=1&tfd=998&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7GMNMPVH3D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fieldeffect.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 130ms
32ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-7GMNMPVH3D&cid=1044039503.1720501751&gtm=45je4730v870896825z8889260465za200zb889260465&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7GMNMPVH3D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fieldeffect.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 68ms
35ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7GMNMPVH3D&cid=1044039503.1720501751&gtm=45je4730v870896825z8889260465za200zb889260465&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&z=1087354977

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
1 KB 366ms
311ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=2007132&time=1720501751391&url=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"priority":"0","trigger_data":"4"}],"filters":[{"c":["266797774"]},{"c":["256106226"]},{"c":["251542396"]},{"c":["208362586"]},{"c":["208362556"]}],"debug_key":"4254740"}
content-encoding: gzip
date: Tue, 09 Jul 2024 05:09:10 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 58F6006528FA4E0F95F4C463F36C7287 Ref B: FRAEDGE2007 Ref C: 2024-07-09T05:09:11Z
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYcyYe8m7pvpYk9dEPwRw==
x-fs-uuid: 00061cc987bc9bba6fa5893d7443f047

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2007132&time=1720501751391&url=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2007132&time=1720501751391&url=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&e_ip...

0
264 B

355ms
265ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2007132&time=1720501751391&url=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&e_ipv6=AQI45geazunxxQAAAZCV5U8SzJEaCg9ChFHrEF8sPD5gEBh8q9dl_ONRC6zJGXkHWTGqZmt3aMNGXKDsWpcDIlZ2y3DRBg
Requested by: Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: B36BEBF22AC24773A52F9F38D9F15E2D Ref B: FRAEDGE1505 Ref C: 2024-07-09T05:09:11Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYcyYfCdtUS1WsAPeSrBg==

Redirect headers

date: Tue, 09 Jul 2024 05:09:10 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 995F74DA6BF746899D94B29D6A6E0B59 Ref B: FRAEDGE2014 Ref C: 2024-07-09T05:09:11Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2007132&time=1720501751391&url=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&e_ipv6=AQI45geazunxxQAAAZCV5U8SzJEaCg9ChFHrEF8sPD5gEBh8q9dl_ONRC6zJGXkHWTGqZmt3aMNGXKDsWpcDIlZ2y3DRBg
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYcyYe8diqnqZo93poDbA==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
348 B 116ms
30ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-90332558-1&cid=1044039503.1720501751&jid=205894071&gjid=1240954508&_gid=1551595560.1720501751&npa=1&_u=YADAAEAAAAAAACAAI~&z=1275201555

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 09 Jul 2024 05:09:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://fieldeffect.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
538 B 136ms
135ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2500aa62-4d94-4969-8286-d56b553be11d
x-envoy-upstream-service-time: 7
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2500aa62-4d94-4969-8286-d56b553be11d
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-x87g5
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8a05ccea5ae76ae0-FRA

GET
H2 200 adsct
t.co/1/i/ 43 B
375 B 255ms
154ms Image
image/gif 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=66813555-a8bc-4a11-af2e-577c78ac37a4&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a5a48d78-ba35-4720-a48f-2f4086fc415a&tw_document_href=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&tw_iframe_status=0&txn_id=o4obv&type=javascript&version=2.3.30

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 102
date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: dff162225a51e0bb
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: c41861caef92fb33ffae051ff1e7bac4317d3637f522e6550334cc266e5350ba
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
723 B 288ms
214ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=66813555-a8bc-4a11-af2e-577c78ac37a4&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a5a48d78-ba35-4720-a48f-2f4086fc415a&tw_document_href=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&tw_iframe_status=0&txn_id=o4obv&type=javascript&version=2.3.30

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 190
date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: d2d46bfe69e9a725
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: e47ab252ddcf47fcafcaa362c7787605088fc081aba44994280b47a0a875b73d
content-length: 43

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 842 B
1 KB 172ms
163ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=8376691&currentUrl=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&contentId=172198427572

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f42e70cbe23d39deb4062845aeddc5a99c57d5ff64ddeff78cbdec8b72cebba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: aac7579e-a96e-4a6c-8fb3-5377e5d247e8
x-envoy-upstream-service-time: 32
content-length: 519
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: aac7579e-a96e-4a6c-8fb3-5377e5d247e8
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://fieldeffect.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fMMIo%2BPQXvyQ04kHnjFDpf7k5%2B5gawDhs58rq03Jrd4C%2FsZHl0qzHlfLFg3S8464VHDzHz0w7FDoMhf8HkDsvyG8byl8s7FpbHVeMbSPlpvnWiLmXByITBGIkjtRUBlil777sQtwgDY3ykR5u%2Fd%2B6DZMR20nLrEPGbM%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8a05ccea8f07a022-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-gqvlc

GET
H2 200 / Show response
c.6sc.co/ 7 B
192 B 48ms
22ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://fieldeffect.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 36 B
336 B 91ms
23ms XHR
text/html 2a02:26f0:7100::210:172
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::210:172 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5a7aa7b9163f21333a3bb48a27c1566941d2090ed5900995f65c3f7cea9e48ae

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:11 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://fieldeffect.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:1b60:1010:2:1012:e081:1741:fb17
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1720501751484_34603374_1157285872_21_883_20_26_219";dur=1
content-length: 36
expires: Tue, 09 Jul 2024 05:09:11 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 126ms
118ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=972c3fcb77803beb43910341243b535c&svisitor=null&visitor=dcee5959-24f6-408a-8ce8-d67c07bd312b&session=2c86dde3-6d9b-443c-84ed-fa203cb34288&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2009%20Jul%202024%2005%3A09%3A11%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Field%20Effect%20security%20intelligence%20analysts%20uncover%20an%20adversary-in-the-middle%20campaign%20that%20leverages%20Axios%20to%20target%20M365%20email%20accounts.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Field%20Effect%20discovers%20M365%20adversary-in-the-middle%20campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&pageViewId=1fe017ec-de5a-4882-86a4-585f2a59cef3&v=1.1.21

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:11 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 05:09:11 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 123ms
115ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=972c3fcb77803beb43910341243b535c&svisitor=null&visitor=dcee5959-24f6-408a-8ce8-d67c07bd312b&session=2c86dde3-6d9b-443c-84ed-fa203cb34288&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2005%3A09%3A11%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22972c3fcb77803beb43910341243b535c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2005%3A09%3A11%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2005%3A09%3A11%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2005%3A09%3A11%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2005%3A09%3A11%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22Ask-your-CSM-for-a-token%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2009%20Jul%202024%2005%3A09%3A11%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Field%20Effect%20security%20intelligence%20analysts%20uncover%20an%20adversary-in-the-middle%20campaign%20that%20leverages%20Axios%20to%20target%20M365%20email%20accounts.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Field%20Effect%20discovers%20M365%20adversary-in-the-middle%20campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&pageViewId=1fe017ec-de5a-4882-86a4-585f2a59cef3&v=1.1.21

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:11 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 05:09:11 GMT

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 136ms
134ms Ping
text/html 2606:4700::6812:1fb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1009461.js?p=https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarynxZompzYAF1clW1R

Response headers

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 78ms
22ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1291944001010143&ev=PageView&dl=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&rl=&if=false&ts=1720501751464&sw=1600&sh=1200&v=2.9.160&r=stable&ec=0&o=4126&fbp=fb.1.1720501751459.242053432798179631&cs_est=true&ler=empty&cdl=API_unavailable&it=1720501751194&coo=false&rqm=GET

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=10, mss=1328, tbw=2802, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 09 Jul 2024 05:09:11 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 254ms
198ms Image
image/png 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1291944001010143&ev=PageView&dl=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&rl=&if=false&ts=1720501751464&sw=1600&sh=1200&v=2.9.160&r=stable&ec=0&o=4126&fbp=fb.1.1720501751459.242053432798179631&cs_est=true&ler=empty&cdl=API_unavailable&it=1720501751194&coo=false&rqm=FGET

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x5d0a2ecf69892315","source_keys":["1","2"]},{"key_piece":"0xb71698ced7df6026","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Tue, 09 Jul 2024 05:09:11 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7389498755317099170", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=12, mss=1328, tbw=3120, tp=-1, tpl=-1, uplat=175, ullat=0
pragma: no-cache
x-fb-debug: IvxKoFBHY6nvqjpw8r2EInMfghxBAVrj7QwKShAGwgIEWN8wDbxzbRRnSEYgu3jtb04jVABr+ad7eQga1HV4Dw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7389498755317099170"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.32/ 61 KB
26 KB 47ms
47ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.32/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/h5hm262szw?ref=gtm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
content-encoding: br
last-modified: Fri, 10 May 2024 17:30:20 GMT
etag: W/"0x8DC7116DE09E645"
vary: Accept-Encoding
x-azure-ref: 20240709T050911Z-17c86fbf54dsjtt2ff5at8zb3s00000001200000000035vu
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 3a449fa1-701e-0001-30bc-d07107000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/ 534 KB
212 KB 85ms
23ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_70dd42d2_5a1a_41ef_a063_80e7c5cf5f2f&render=explicit&hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Origin: https://fieldeffect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 23:35:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20020
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 216123
x-xss-protection: 0
last-modified: Sun, 23 Jun 2024 08:01:07 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 08 Jul 2025 23:35:31 GMT

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
174 B 151ms
149ms XHR
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/8376691.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: adc337c6-cc8c-4354-877e-f2f854798250
x-envoy-upstream-service-time: 25
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: adc337c6-cc8c-4354-877e-f2f854798250
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://fieldeffect.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-647fb
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8a05ccebe8839f12-FRA

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 172ms
126ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://fieldeffect.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://fieldeffect.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 8a05cceb1ff79f12-FRA
content-length: 0
content-type: application/octet-stream
date: Tue, 09 Jul 2024 05:09:11 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-w85d2
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: d1fac47c-0971-49ca-a8b2-24505a12fa87
x-request-id: d1fac47c-0971-49ca-a8b2-24505a12fa87

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 35ms
35ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-90332558-1&cid=1044039503.1720501751&jid=205894071&npa=1&_u=YADAAEAAAAAAACAAI~&z=495311409

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 33ms
33ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-90332558-1&cid=1044039503.1720501751&jid=205894071&npa=1&_u=YADAAEAAAAAAACAAI~&z=495311409

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 116ms
115ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=972c3fcb77803beb43910341243b535c&svisitor=null&visitor=dcee5959-24f6-408a-8ce8-d67c07bd312b&session=2c86dde3-6d9b-443c-84ed-fa203cb34288&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A1010%3A2%3A1012%3Ae081%3A1741%3Afb17%22%7D&isIframe=false&m=%7B%22description%22%3A%22Field%20Effect%20security%20intelligence%20analysts%20uncover%20an%20adversary-in-the-middle%20campaign%20that%20leverages%20Axios%20to%20target%20M365%20email%20accounts.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Field%20Effect%20discovers%20M365%20adversary-in-the-middle%20campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&pageViewId=1fe017ec-de5a-4882-86a4-585f2a59cef3&v=1.1.21

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:11 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 05:09:11 GMT

GET
H2 401 details Show response
epsilon.6sense.com/v3/company/ 42 B
329 B 191ms
148ms XHR
application/json 52.29.221.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.221.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-221-165.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7d23a3cba9c9e734b155c86294109c51ccd1b340b990dda6616427ba39b988db

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Authorization: Token Ask-your-CSM-for-a-token
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-6s-CustomID: WebTag1.0 972c3fcb77803beb43910341243b535c

Response headers

x-trace-id: 5608306625830354408
date: Tue, 09 Jul 2024 05:09:11 GMT
server: nginx
vary: Origin
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://fieldeffect.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 42

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 86ms
24ms Preflight 52.29.221.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.221.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-221-165.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://fieldeffect.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://fieldeffect.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Tue, 09 Jul 2024 05:09:11 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 5951253669915852115

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
582 B 150ms
142ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f4d953ce-54bf-48f4-a0c1-1a1c2850d1c5
x-envoy-upstream-service-time: 13
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f4d953ce-54bf-48f4-a0c1-1a1c2850d1c5
last-modified: Tue, 09 Jul 2024 05:09:11 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-njspp
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8a05cceb9bd76ae0-FRA

GET
H3 200 hs-web-interactive-8376691-156017758343
fieldeffect-8376691.hs-sites.com/ Frame 4FBF 0
0 328ms
296ms Document
text/html 2606:4700::6812:e072
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect-8376691.hs-sites.com/hs-web-interactive-8376691-156017758343

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:e072 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10,max-age=5
cache-tag: CT-156017758343,P-8376691,PGS-ALL,SW-4
cf-cache-status: HIT
cf-ray: 8a05ccebccda4d44-FRA
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Tue, 09 Jul 2024 05:09:11 GMT
edge-cache-tag: CT-156017758343,P-8376691,PGS-ALL,SW-4
last-modified: Tue, 09 Jul 2024 05:09:02 GMT
server: cloudflare
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 91
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-hs-sites-td/envoy-proxy-85868dbdc9-78xnj
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-10s
x-hs-content-campaign-id: 5f07afdc-102e-46e4-87dc-53b0b3f6d3a7
x-hs-content-id: 156017758343
x-hs-hub-id: 8376691
x-hubspot-correlation-id: 1b2f61a7-be33-408a-9dcc-85760fc0552f
x-request-id: 1b2f61a7-be33-408a-9dcc-85760fc0552f
x-robots-tag: none

POST
H/1.1 204
No Content collect Show response
n.clarity.ms/ 0
279 B 567ms
280ms XHR
text/plain 172.175.234.12
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://n.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 172.175.234.12 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://fieldeffect.com
Date: Tue, 09 Jul 2024 05:09:12 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame 0A7F 0
0 94ms
49ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9maWVsZGVmZmVjdC5jb206NDQz&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&badge=inline&cb=xabx7e5xmxk8

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kT2I2CHGczEUrYQIX-wkiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-kT2I2CHGczEUrYQIX-wkiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jul 2024 05:09:11 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 fp.min.js Show response
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/ 33 KB
15 KB 33ms
32ms Script
application/javascript 2606:4700::6812:ba1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:ba1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16935
x-jsd-version: 3.4.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 15023
x-served-by: cache-fra-etou8220049-FRA, cache-lga21944-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T8V%2FhVXougievHjt5xndQgIUgYTYGan73Y0b5PJcUQNu58UxUW1eoAI434D1sUqBhjYiXzb3%2FfmNa0%2FWxhbmBo8PBPSie%2F9yjtloS1sgCMNpqageSIjcWltVz%2F6241oAgwrx8wQ6Z76f5G73eP0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a05ccec3f8e71b2-FRA

GET
H2 200 site-visitors Show response
intentstream.contanuity.com/api/ 67 B
323 B 196ms
195ms Fetch
application/json 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=demandscience-FieldEffect

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

fc7f6934f05c8fa605f99a2c98b922c180d08113ef20b14ddc517b12bf8008a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-pixel-auth: true

Response headers

date: Tue, 09 Jul 2024 05:07:14 GMT
strict-transport-security: max-age=15724800; includeSubdomains
server: nginx
vary: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://fieldeffect.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
accept-ranges: bytes
content-length: 67

OPTIONS
H2 200 site-visitors
intentstream.contanuity.com/api/ Frame 0
0 584ms
191ms Preflight 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=demandscience-FieldEffect

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-pixel-auth
Access-Control-Request-Method: GET
Origin: https://fieldeffect.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,x-pixel-auth
access-control-allow-methods: GET
access-control-allow-origin: https://fieldeffect.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
access-control-max-age: 86400
cache-control: no-cache
content-length: 0
date: Tue, 09 Jul 2024 05:07:14 GMT
server: nginx
strict-transport-security: max-age=15724800; includeSubdomains

GET
H/1.1 200
OK https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9 Show response
abm-tracking.demandscience.com/page-tracking/demandscience-FieldEffect/ 2 B
665 B 191ms
191ms Script
application/json 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/page-tracking/demandscience-FieldEffect/https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9?visitorId=a1bdd205fcbb85c948c28308604639c1_1720501751834&&clientId=DS&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 09 Jul 2024 05:09:11 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

GET
H/1.1 200
OK tracking Show response
tracking.contanuity.com/ 2 B
762 B 592ms
193ms Script
application/json 54.203.236.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.contanuity.com/tracking?visitorId=a1bdd205fcbb85c948c28308604639c1_1720501751834&&clientId=DS&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.203.236.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-203-236-163.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 09 Jul 2024 05:09:12 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
194 B 221ms
220ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 09 Jul 2024 05:09:11 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: F7D91969627243FFB17FA68E89939DEF Ref B: FRAEDGE2014 Ref C: 2024-07-09T05:09:12Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://fieldeffect.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYcyYfF9jurzQIJQewMPw==

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
578 B 132ms
132ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=interactive-shown&value=1

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0c4c30e1-932d-47ce-ab9e-8180809fc9c6
x-envoy-upstream-service-time: 7
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0c4c30e1-932d-47ce-ab9e-8180809fc9c6
last-modified: Tue, 09 Jul 2024 05:09:12 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-776cb5686f-fr5m6
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8a05ccef5e2d6ae0-FRA

GET
H3 200 bframe
www.google.com/recaptcha/enterprise/ Frame 5104 0
0 36ms
35ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-idIP78n6Y1p4cjFE_vs3Jw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-idIP78n6Y1p4cjFE_vs3Jw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 09 Jul 2024 05:09:12 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 116ms
115ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=6sense-temp-analytics&svisitor=null&visitor=dcee5959-24f6-408a-8ce8-d67c07bd312b&session=2c86dde3-6d9b-443c-84ed-fa203cb34288&event=https%3A%2F%2Fepsilon.6sense.com&q=%7B%22name%22%3A%22https%3A%2F%2Fepsilon.6sense.com%2Fv3%2Fcompany%2Fdetails%22%2C%22entryType%22%3A%22resource%22%2C%22startTime%22%3A1199.400001525879%2C%22duration%22%3A277.5999984741211%2C%22initiatorType%22%3A%22xmlhttprequest%22%2C%22deliveryType%22%3A%22%22%2C%22nextHopProtocol%22%3A%22%22%2C%22renderBlockingStatus%22%3A%22non-blocking%22%2C%22workerStart%22%3A0%2C%22redirectStart%22%3A0%2C%22redirectEnd%22%3A0%2C%22fetchStart%22%3A1199.400001525879%2C%22domainLookupStart%22%3A0%2C%22domainLookupEnd%22%3A0%2C%22connectStart%22%3A0%2C%22secureConnectionStart%22%3A0%2C%22connectEnd%22%3A0%2C%22requestStart%22%3A0%2C%22responseStart%22%3A0%2C%22firstInterimResponseStart%22%3A0%2C%22responseEnd%22%3A1477%2C%22transferSize%22%3A0%2C%22encodedBodySize%22%3A0%2C%22decodedBodySize%22%3A0%2C%22responseStatus%22%3A401%2C%22serverTiming%22%3A%5B%5D%2C%22metadata%22%3A%7B%7D%7D&isIframe=false&m=%7B%22endpoint%22%3A%22epsilon.6sense.com%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&pageViewId=&d=1&v=1.1.21

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 05:09:12 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 116ms
116ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=972c3fcb77803beb43910341243b535c&svisitor=null&visitor=dcee5959-24f6-408a-8ce8-d67c07bd312b&session=2c86dde3-6d9b-443c-84ed-fa203cb34288&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jul%202024%2005%3A09%3A12%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jul%202024%2005%3A09%3A11%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Field%20Effect%20security%20intelligence%20analysts%20uncover%20an%20adversary-in-the-middle%20campaign%20that%20leverages%20Axios%20to%20target%20M365%20email%20accounts.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Field%20Effect%20discovers%20M365%20adversary-in-the-middle%20campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&pageViewId=1fe017ec-de5a-4882-86a4-585f2a59cef3&v=1.1.21

Requested by

Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:12 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 05:09:12 GMT

GET

usersync
tracking.contanuity.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=a1bdd205fcbb85c948c28308604639c1_1720501751834
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=a1bdd205fcbb85c948c28308604639c1_1720501751834&_bee_ppp=1
https://tracking.contanuity.com/usersync?bwcookie=AACnPU7NGYwAABWg1cKv6A

0
0

POST
H/1.1 204
No Content collect Show response
n.clarity.ms/ 0
279 B 128ms
126ms XHR
text/plain 172.175.234.12
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://n.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 172.175.234.12 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://fieldeffect.com
Date: Tue, 09 Jul 2024 05:09:12 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 91ms
46ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: fieldeffect.com
URL: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7bcabdeabc928df5f998a410f656db22b6d8973ad3b73851feaba2ee6a44bc8

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:13 GMT
x-amz-version-id: az1JGSQ.qou05rXeP8ubGTGmlUNWgCp9
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
age: 63581
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 24 Jun 2024 11:29:23 GMT
server: cloudflare
etag: W/"e3c441f75699329acb887bf918f755c9"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 8a05ccf519935d88-FRA
x-amz-cf-id: pbdrE7Jk_p3yR2aFN0A89AwMCpMq6QtvspqdMy6-mFO8xqTIR3sO2w==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
747 B 165ms
152ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=321484724&v=1.1&a=8376691&pi=172198427572&ct=blog-post&ccu=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign&cpi=172198427572&cgi=34325584238&lpi=172198427572&lvi=172198427572&lvc=en&pu=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&t=Field+Effect+discovers+M365+adversary-in-the-middle+campaign&cts=1720501753089&vi=94b8d33bf3a14056cbca1992411f21b6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b22e7abb-c4e9-4a36-ae10-d0c275fbc79f
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 12
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b22e7abb-c4e9-4a36-ae10-d0c275fbc79f
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7WWCC4RsD%2B33gILtF5xIGmE7muPlI5bkLEfjZG39cH%2BJWa78D9XtNBNWK112ta4IcLjA5Bhq8x4QMsUITMwmMDsaPg1mWZ16bamPYZGkGQB%2FQ7YnLCDu5q450BNVc6XsuhdG%2B5USscUivQsbb2PM"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-2vxt5
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8a05ccf4fd738f31-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
923 B 149ms
142ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=d66f1360-3bc5-4948-9a84-a469b0298fe7&fci=70dd42d2-5a1a-41ef-a063-80e7c5cf5f2f&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=321484724&v=1.1&a=8376691&pi=172198427572&ct=blog-post&ccu=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign&cpi=172198427572&cgi=34325584238&lpi=172198427572&lvi=172198427572&lvc=en&pu=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&t=Field+Effect+discovers+M365+adversary-in-the-middle+campaign&cts=1720501753090&vi=94b8d33bf3a14056cbca1992411f21b6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 74b253ef-19d0-4ebd-98ed-cdf9c322a556
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 74b253ef-19d0-4ebd-98ed-cdf9c322a556
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=47T5rEF29i3X0og9tabg0ltw2iYhrD4qv0%2B204eaKbsHme0efuWx9%2FKZ682lC52Ts3IrDaDxzocN5Pv4pbBjWwgNbgIPrO%2BlvWkPH6tSlQqucEnrpZYcHbDiT%2BYtUr%2BDkhtga9M1w%2FH4e%2B6HIvz4"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-k7dnw
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8a05ccf4fd728f31-FRA
x-robots-tag: none

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=C36008F7AC684D259BB19E0D26391767&RedC=c.clarity.ms&MXFR=066AD6986B19667711B5C22F6F196865
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=C36008F7AC684D259BB19E0D26391767&MUID=07E811DC28FA67DC1114056B2928662E

42 B
464 B

57ms
56ms

Image
image/gif

13.74.129.1
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=C36008F7AC684D259BB19E0D26391767&MUID=07E811DC28FA67DC1114056B2928662E
Protocol: H2
Server: 13.74.129.1 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:13 GMT
last-modified: Tue, 25 Jun 2024 19:30:12 GMT
server: Microsoft-IIS/10.0
etag: "7473f1936c7da1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:12 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 283B3CB3D802427CAFA733C9C4939254 Ref B: FRAEDGE2007 Ref C: 2024-07-09T05:09:13Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=C36008F7AC684D259BB19E0D26391767&MUID=07E811DC28FA67DC1114056B2928662E
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 fe-favicon-blue-v2.png
fieldeffect.com/hubfs/Field%20Effect%202024/Logos/ 1 KB
3 KB 60ms
59ms Other
image/webp 199.60.103.92
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fieldeffect.com/hubfs/Field%20Effect%202024/Logos/fe-favicon-blue-v2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.92 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d907b5146eecbfde14b03c00f775105a8ce5dc9935c0787394faffe2b47c752

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-168600427352,FD-166980893476,P-8376691,FLS-ALL
age: 981545
x-amz-request-id: 5EQDA9W178VSVHPJ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-168600427352,FD-166980893476,P-8376691,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="fe-favicon-blue-v2.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "ca3b9b96e11b423d314c169d7167ae32"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1716831559346
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 09 Jul 2024 05:09:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 6f4aa26c09fb9bb4d152519f44256a4c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ZtI5o5R4fy6P6cumv8pJSFzno_z7izSV
x-amz-cf-pop: FRA60-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=1948
x-cache: RefreshHit from cloudfront
cache-tag: F-168600427352,FD-166980893476,P-8376691,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 1196
x-amz-id-2: BCk6uI5fi80gcadr0GaWbuYHT+L7CeTjrPjv0VcssNqSEokNDqXcH4xR+EdjSdRBhvwVIKG2Bs8=
last-modified: Thu, 27 Jun 2024 20:09:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mmJbUARCRt7xgrtqc0AFmrP9QaOiwIp58aGOf8IkwABOmNEl4BagoDIm2iTEe%2BWy5ZpH8VkxQm0DujNtgTmr%2BrUI9LeD0d1BZKO8p2T36pLb2n%2BZfDBGkql3PJ%2BI2K3mYg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8a05ccf508bf9b8c-FRA
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 9u-Y9I_sZfx7nzuaSJzAouXIX-9j0qXvFho5ZeElKVdt9zow5BXrXA==

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 203 B
684 B 182ms
182ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 8bd1d6f1e92a9f8772f95e5a0f83f234d7cb0a5cfc007b8d69af510604182d70

Request headers

visited_url: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign#6e2eyj9
Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Authorization: Bearer de193084031679922128
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 09 Jul 2024 05:09:13 GMT
via: 1.1 d07eabeb1ed60c06da1457f35fb5c8c4.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: FRA6-C1
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: aoPfEh9pPHcESvw=
server: cloudflare
etag: W/"cb-qCBlLTVSzGLKfTaLyUKDzXUrft0"
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://fieldeffect.com
cf-ray: 8a05ccf858a49201-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-Amp-Device-Id, X-Amp-Session-Id
x-amz-cf-id: UqfM3bSAvRbwKjj2HU4gtLSTzPFJ47aDlO4BWfDGuXgT9K4EacSBxQ==

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 474ms
448ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://fieldeffect.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type,visited_url
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
apigw-requestid: aoPfCgJgPHcESTA=
cf-cache-status: DYNAMIC
cf-ray: 8a05ccf58eec9201-FRA
date: Tue, 09 Jul 2024 05:09:13 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 d07eabeb1ed60c06da1457f35fb5c8c4.cloudfront.net (CloudFront)
x-amz-cf-id: JTbb1jIRaynuT57m-IOC6XzR_rcKLBbPryt0O9B9yl5sLxhutULBoQ==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 113ms
113ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=972c3fcb77803beb43910341243b535c&svisitor=null&visitor=dcee5959-24f6-408a-8ce8-d67c07bd312b&session=2c86dde3-6d9b-443c-84ed-fa203cb34288&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jul%202024%2005%3A09%3A13%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jul%202024%2005%3A09%3A12%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Field%20Effect%20security%20intelligence%20analysts%20uncover%20an%20adversary-in-the-middle%20campaign%20that%20leverages%20Axios%20to%20target%20M365%20email%20accounts.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Field%20Effect%20discovers%20M365%20adversary-in-the-middle%20campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&pageViewId=1fe017ec-de5a-4882-86a4-585f2a59cef3&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:13 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 05:09:13 GMT

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/632a1b0f91976dea4cf490d9/ Frame 0
0 207ms
169ms Preflight
text/html 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/632a1b0f91976dea4cf490d9/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://fieldeffect.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://fieldeffect.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a05ccf9cd243a90-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 09 Jul 2024 05:09:14 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 90 KB
27 KB 101ms
64ms Script
application/javascript 2606:4700::6810:752b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:752b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:13 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 1877
x-guploader-uploadid: ACJd0NoreHAti5KYE8heHFopYMQEC5QhI1dEDQDOo7aK5XAfxDmYAf3xXkxBB6c85tqoTPrDz9FgWs_1_A
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 16 May 2024 10:14:37 GMT
server: cloudflare
etag: W/"006455bd44ed289ddcc403d0ecd96ab0"
x-goog-hash: crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
x-goog-generation: 1715854477710382
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 91778
cf-ray: 8a05ccf9bea59bbf-FRA
expires: Tue, 09 Jul 2024 05:37:56 GMT

GET
H3 200 / Show response
ws.zoominfo.com/pixel/632a1b0f91976dea4cf490d9/ 5 KB
2 KB 233ms
206ms Fetch
text/javascript 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/632a1b0f91976dea4cf490d9/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

7e08e251c0af37ba389ca0fe5ee33d1e775f4834a954e9a6dd63867e0201f277

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

visited-url: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign#6e2eyj9
Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
_vtok: ODQuMTkuMTc1LjE4NA==
_zitok: 685698b0e7669cb75c9c1720501753
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

date: Tue, 09 Jul 2024 05:09:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://fieldeffect.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 8a05ccfafd381c0b-FRA

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 161ms
161ms Preflight
text/html 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://fieldeffect.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://fieldeffect.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a05ccfa5d8a3a90-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 09 Jul 2024 05:09:14 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 2 B
343 B 161ms
160ms Fetch
application/json 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Authorization: bearer 05d2b2e458caaee393f59cd4e44197
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 09 Jul 2024 05:09:14 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://fieldeffect.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
content-length: 2
cf-ray: 8a05ccfb5d761c0b-FRA
alt-svc: h3=":443"; ma=86400

GET
BLOB 200
OK 133af8b2-8630-462c-bf82-6345ad919a5c Show response
https://fieldeffect.com/ 5 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://fieldeffect.com/133af8b2-8630-462c-bf82-6345ad919a5c
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e08e251c0af37ba389ca0fe5ee33d1e775f4834a954e9a6dd63867e0201f277

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 4808
Content-Type: text/javascript

GET
H2 200 data.js Show response
tags.clickagy.com/ 79 KB
25 KB 97ms
25ms Script
text/javascript 2600:9000:211e:200:4:8491:f2c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95

Requested by

Host: fieldeffect.com
URL: blob:https://fieldeffect.com/133af8b2-8630-462c-bf82-6345ad919a5c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:200:4:8491:f2c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

16372f4b218b228a8059715a7b3895a75da6d917b1832332461a7aeeb3c62658

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: wNBvgkMcNXRaYNx.VfZm7J8BpA7qbY0d
content-encoding: br
via: 1.1 bfa7dfbe8ca6d4eb3690c4c82ca6c0fa.cloudfront.net (CloudFront)
date: Tue, 09 Jul 2024 03:39:31 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: FRA56-C2
age: 5384
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 12 Jun 2024 17:59:45 GMT
server: AmazonS3
etag: W/"b70ab2c52d3d083ca590a60b9971a6ac"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: text/javascript
x-amz-cf-id: MUMiye5wUTtUJAgGyhdWQoVZSc3Hk01tVTkjhiMvnff1LiR_W6_p8Q==

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 12 KB
5 KB 113ms
29ms Script
application/x-javascript 65.9.99.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: fieldeffect.com
URL: blob:https://fieldeffect.com/133af8b2-8630-462c-bf82-6345ad919a5c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.99.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-99-119.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f4d1e641d47b4af1b6cb7936c59626f4dbab3933473009b447406034c34facb5

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Tue, 09 Jul 2024 05:01:33 GMT
Content-Encoding: gzip
Via: 1.1 0c8bf5614b4bcc3e76982cb7ff9a7662.cloudfront.net (CloudFront)
Last-Modified: Fri, 07 Jun 2024 09:20:53 GMT
Server: AmazonS3
X-Amz-Cf-Pop: PRG50-C1
Age: 462
x-amz-server-side-encryption: AES256
ETag: W/"a7eb6794e868fe870db350518165c868"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: Zk4AWYo1JPbr8M0yc-AaYaah3QM0X89E2_luYt7Hym4tf9ogHe8vaQ==

POST
H2 200 data Show response
aorta.clickagy.com/ 57 B
505 B 400ms
132ms XHR
application/json 34.227.41.47
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aorta.clickagy.com/data
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.41.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-41-47.compute-1.amazonaws.com
Software: Aorta/20240627.c50ad1768 /
Resource Hash: 032ea34532c8bd91b3f3ceedc9a7d78bb4945c3e56c1a979fae739d911c9ec80

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 09 Jul 2024 05:09:14 GMT
content-encoding: gzip
server: Aorta/20240627.c50ad1768
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://fieldeffect.com
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 956192dd7f3f
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 82

GET
H2

200

cm
us-u.openx.net/w/1.0/
Redirect Chain

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag&ws=1
https://aa.agkn.com/adscores/g.pixel?sid=9212289188&_puid=c:159c805e8787020735df66f739872f9e&_redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D
https://d.agkn.com/pixel/10751/?che=1720501754888&ip=84.19.175.184&l1=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D217023104938000355295
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=128&cm=217023104938000355295
https://sync.crwdcntrl.net/map/c=8545/tp=CKGY/tpid=c:159c805e8787020735df66f739872f9e/gdpr=0/gdpr_consent=false/?https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D120%26cm%3D%24%7...
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=120&cm=
https://dpm.demdex.net/ibs:dpid=79908&dpuuid=c:159c805e8787020735df66f739872f9e&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D124%26cm%3D%24%7BDD_UUID%7D
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=79908&dpuuid=c:159c805e8787020735df66f739872f9e&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D124%26cm%3D%24%7BDD_U...
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=124&cm=01273885904750687042637611515874759972
https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%25...

43 B
295 B

116ms
41ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:15 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Tue, 09 Jul 2024 05:09:15 GMT
server: Aorta/20240627.c50ad1768
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
location: https://us-u.openx.net/w/1.0/cm?id=af408286-42f3-4d1c-bb48-10bd86dbcd66&r=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fch%3D4%26cm%3D%7BOPENX_ID%7D%26redir%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537073026%2526val%253D%257Bvisitor_id%257D
access-control-allow-origin: *
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 5304b6290f23
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 115ms
115ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=972c3fcb77803beb43910341243b535c&svisitor=null&visitor=dcee5959-24f6-408a-8ce8-d67c07bd312b&session=2c86dde3-6d9b-443c-84ed-fa203cb34288&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jul%202024%2005%3A09%3A14%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jul%202024%2005%3A09%3A13%20GMT%22%2C%22timeSpent%22%3A%221049%22%2C%22totalTimeSpent%22%3A%223052%22%7D&isIframe=false&m=%7B%22description%22%3A%22Field%20Effect%20security%20intelligence%20analysts%20uncover%20an%20adversary-in-the-middle%20campaign%20that%20leverages%20Axios%20to%20target%20M365%20email%20accounts.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Field%20Effect%20discovers%20M365%20adversary-in-the-middle%20campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&pageViewId=1fe017ec-de5a-4882-86a4-585f2a59cef3&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:14 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 05:09:14 GMT

GET
H2 200 hasHashes Show response
hemsync.clickagy.com/external/ 2 B
325 B 439ms
127ms XHR
text/plain 3.216.176.3
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hemsync.clickagy.com/external/hasHashes?clkgypv=jstag&cb=null
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.216.176.3 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-216-176-3.compute-1.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 05:09:15 GMT
content-encoding: gzip
vary: origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://fieldeffect.com
access-control-expose-headers: content-length, last-modified, expires, content-type
access-control-allow-credentials: true
content-length: 28

GET
H2 200 up
insight.adsrvr.org/track/ Frame F418 0
0 159ms
47ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=8emthjr&ref=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&upid=0s6iy91&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-length: 0
content-type: text/html
date: Tue, 09 Jul 2024 05:09:14 GMT
server: Kestrel

POST
H/1.1 204
No Content collect Show response
n.clarity.ms/ 0
279 B 254ms
246ms XHR
text/plain 172.175.234.12
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://n.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 172.175.234.12 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://fieldeffect.com
Date: Tue, 09 Jul 2024 05:09:15 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 114ms
114ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=972c3fcb77803beb43910341243b535c&svisitor=null&visitor=dcee5959-24f6-408a-8ce8-d67c07bd312b&session=2c86dde3-6d9b-443c-84ed-fa203cb34288&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jul%202024%2005%3A09%3A15%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jul%202024%2005%3A09%3A14%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224052%22%7D&isIframe=false&m=%7B%22description%22%3A%22Field%20Effect%20security%20intelligence%20analysts%20uncover%20an%20adversary-in-the-middle%20campaign%20that%20leverages%20Axios%20to%20target%20M365%20email%20accounts.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Field%20Effect%20discovers%20M365%20adversary-in-the-middle%20campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&pageViewId=1fe017ec-de5a-4882-86a4-585f2a59cef3&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:15 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 05:09:15 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 118ms
118ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=972c3fcb77803beb43910341243b535c&svisitor=null&visitor=dcee5959-24f6-408a-8ce8-d67c07bd312b&session=2c86dde3-6d9b-443c-84ed-fa203cb34288&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2009%20Jul%202024%2005%3A09%3A16%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2009%20Jul%202024%2005%3A09%3A15%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225053%22%7D&isIframe=false&m=%7B%22description%22%3A%22Field%20Effect%20security%20intelligence%20analysts%20uncover%20an%20adversary-in-the-middle%20campaign%20that%20leverages%20Axios%20to%20target%20M365%20email%20accounts.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Field%20Effect%20discovers%20M365%20adversary-in-the-middle%20campaign%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&pageViewId=1fe017ec-de5a-4882-86a4-585f2a59cef3&v=1.1.21

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://fieldeffect.com/blog/field-effect-discovers-m365-adversary-in-the-middle-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 05:09:16 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 09 Jul 2024 05:09:16 GMT

GET pixel.gif
aorta.clickagy.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tracking.contanuity.com
URL: https://tracking.contanuity.com/usersync?bwcookie=AACnPU7NGYwAABWg1cKv6A

Domain: aorta.clickagy.com
URL: https://aorta.clickagy.com/pixel.gif?cs=33:-1,37:1,43:-1,44:-1,47:-1,48:-1,52:1,38:1,53:1&fp=de9f49cab46bf7e32b3dc3f3dfa24d56&u=https%3A%2F%2Ffieldeffect.com%2Fblog%2Ffield-effect-discovers-m365-adversary-in-the-middle-campaign%236e2eyj9&ch=278

Verdicts & Comments Add Verdict or Comment

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

50 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-21 02:14:13	Name: _GRECAPTCHA Value: 09AB84Srsu_2riBUrZrTwkU0NXUrnKlEHe5E6ktxmoiALToY1zac8TWi1JcG_67vS84MUzDSN5fvNxCK0oq9Uczzw
.fieldeffect.com/	1970-01-20 21:55:03	Name: __cf_bm Value: JShjRkv1xRjdqZMcRu21SL24OdQstG2oHV1pRn5hPj4-1720501750-1.0.1.1-AvS0wopwkQ6Ki3E7TDIslsViFOQYz97YNEz4uoh1w7xTx1nJVQTOBzNvgd2cGlYsxJ0.WTp2eWJvnwjmcyR6dQ
.fieldeffect.com/	1969-12-31 23:59:59	Name: __cfruid Value: 6f725abb91ec4893ea6d1764a11cdc887d340820-1720501750
.fieldeffect.com/	1970-01-21 00:04:37	Name: _gcl_au Value: 1.1.518214568.1720501751
.fieldeffect.com/	1970-01-21 07:31:01	Name: _ga_0ENCPYR9WR Value: GS1.1.1720501751.1.0.1720501751.0.0.0
.fieldeffect.com/	1970-01-20 21:56:28	Name: _gid Value: GA1.2.1551595560.1720501751
.fieldeffect.com/	1970-01-20 21:55:01	Name: _gat_UA-90332558-1 Value: 1
.g2crowd.com/	1970-01-20 21:55:03	Name: __cf_bm Value: BfuAwAIygt0qc08nD8AJe3ranekMQtfLBggxvyStpgM-1720501751-1.0.1.1-yWDcqhwm0gAneXceMdn3crJEbu3RQpZnxco8hBEk6biaHUUq96k3qPs3Vz.qsC1T9Qas9Tq80ZaFPj7S3txzBQ
www.clarity.ms/	1970-01-21 06:40:37	Name: CLID Value: aae0ae9872c34cd8a10239e65396f811.20240709.20250709
.fieldeffect.com/	1970-01-21 07:31:01	Name: _ga_7GMNMPVH3D Value: GS1.1.1720501751.1.0.1720501751.60.0.0
.fieldeffect.com/	1970-01-21 07:31:01	Name: _ga Value: GA1.1.1044039503.1720501751
.hsforms.com/	1970-01-20 21:55:03	Name: __cf_bm Value: zdb2Cq74RZskagyiAAVVdbasjBW00r_j0sbC9oUDKL0-1720501751-1.0.1.1-e7RTSu_Xu5fV.H2EviL0yojeDhHLHyoOkel7uoRoDyaer2GI6EQhvdRlhUKHIU0n1DBCbavIfMh_Gb4.4xIvNQ
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: j6EI28YglevgOYVTiRA9csuw8tBf9ATEjMjb8CsFTYs-1720501751369-0.0.1.1-604800000
fieldeffect.com/	1970-01-21 07:31:01	Name: _gd_visitor Value: dcee5959-24f6-408a-8ce8-d67c07bd312b
fieldeffect.com/	1970-01-20 21:55:16	Name: _gd_session Value: 2c86dde3-6d9b-443c-84ed-fa203cb34288
.fieldeffect.com/	1970-01-21 00:04:37	Name: _fbp Value: fb.1.1720501751459.242053432798179631
.fieldeffect.com/	1970-01-21 06:40:37	Name: _clck Value: 4ejdwt%7C2%7Cfnb%7C0%7C1651
.linkedin.com/	1970-01-21 06:40:37	Name: bcookie Value: "v=2&54dba082-084c-4e36-8a27-2e43fd768e51"
.linkedin.com/	1970-01-21 02:14:13	Name: li_gc Value: MTswOzE3MjA1MDE3NTE7MjswMjFEqOTefO1osuymfMvSaXXAkML7wNPRf+wq5z2UtXY8cQ==
.linkedin.com/	1970-01-20 21:56:28	Name: lidc Value: "b=TGST00:s=T:r=T:a=T:p=T:g=3442:u=1:x=1:i=1720501751:t=1720588151:v=2:sig=AQGxGAqg7NPMJC2p0FubB3SxUf90ER_3"
.t.co/	1970-01-21 07:31:01	Name: muc_ads Value: b3951d7b-2156-4bb7-8314-130f1d97a24e
.twitter.com/	1970-01-21 07:31:01	Name: guest_id_marketing Value: v1%3A172050175154949226
.twitter.com/	1970-01-21 07:31:01	Name: guest_id_ads Value: v1%3A172050175154949226
.twitter.com/	1970-01-21 07:31:01	Name: personalization_id Value: "v1_JkGQaNpQymNDe10/1uQRFg=="
.twitter.com/	1970-01-21 07:31:01	Name: guest_id Value: v1%3A172050175154949226
abm-tracking.demandscience.com/	1970-01-21 07:31:01	Name: userId Value: a1bdd205fcbb85c948c28308604639c1_1720501751834
.get.fieldeffect.com/	1970-01-20 21:55:03	Name: __cf_bm Value: ry6aPlSdbAUHAOvPxTqeJPX7odngR1LKA8fx2Z0bmvk-1720501752-1.0.1.1-SatC4JvP2lMiYjTlFBoP3p5_AENhNQkLKVJfDEmoJc1nxaiN20bYgLmv_ovWozjiAQECe0zr8JbOWipw0prR7A
.get.fieldeffect.com/	1969-12-31 23:59:59	Name: __cfruid Value: 6ea43345bf93f83efe1fc57f47424499b85a4c0d-1720501752
.hs-sites.com/	1969-12-31 23:59:59	Name: __cfruid Value: b56409f4fcf5b3ec59676a7d93a0f3642a1f828f-1720501752
.fieldeffect.com/	1970-01-20 21:56:28	Name: _clsk Value: 1ve2erg%7C1720501752207%7C1%7C1%7Cn.clarity.ms%2Fcollect
tracking.contanuity.com/	1970-01-21 07:31:01	Name: userId Value: a1bdd205fcbb85c948c28308604639c1_1720501751834
tracking.contanuity.com/	1970-01-21 07:31:01	Name: clientId Value: DS
.bidr.io/	1970-01-21 07:23:35	Name: bito Value: AACnPU7NGYwAABWg1cKv6A
.bidr.io/	1970-01-21 07:23:35	Name: bitoIsSecure Value: ok
.hubspot.com/	1970-01-20 21:55:03	Name: __cf_bm Value: w1dpNtevr48kBto5chp2z0DQpPto1stVlVq107nH5S4-1720501753-1.0.1.1-HCXeOENcAcXvQyDSAzjZN0LDMFRz0PK_W_NA61xK77Bb1c48JfCncNG7Z8nWt9KDJ2UhH.YkO7a5eATrGwE2fA
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: nUHbiK8.1WdLAJjpr63QlUXs7CUXdLd0_htEJTAql1g-1720501753240-0.0.1.1-604800000
.bing.com/	1970-01-21 07:16:37	Name: MUID Value: 07E811DC28FA67DC1114056B2928662E
.c.bing.com/	1970-01-20 22:05:06	Name: MR Value: 0
.c.bing.com/	1970-01-21 07:16:37	Name: SRM_B Value: 07E811DC28FA67DC1114056B2928662E
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 07:16:37	Name: MUID Value: 07E811DC28FA67DC1114056B2928662E
.c.clarity.ms/	1970-01-20 22:05:06	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 21:55:02	Name: ANONCHK Value: 0
.fieldeffect.com/	1970-01-21 06:40:37	Name: _zitok Value: 685698b0e7669cb75c9c1720501753
.zoominfo.com/	1970-01-20 21:55:03	Name: __cf_bm Value: OTgFsKdkAxS7ZzKtDujurtDFMuGoeFgfSy7pmOEO.Sg-1720501753-1.0.1.1-rbBieaUiThWYBMzushIjtl8cj6fV17I1dTB4mFg7YW1cXBD_.NmMMKX_DRNO_DaXUcF5gzgGfwyWkunJOqRF2A
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: eClKgb7HItmFEZogEkkW66CvZ3hpTa.XIrE7xQ.C4tA-1720501753919-0.0.1.1-604800000
.agkn.com/	1970-01-21 06:40:37	Name: ab Value: 0001%3Asu6NZoyj4%2BFhKUBJgqdLG%2FGLXt%2FOm70B
.agkn.com/	1970-01-21 06:40:37	Name: u Value: C\|0AAAAAAAALh-CewAAAAAA
.demdex.net/	1970-01-21 02:14:13	Name: demdex Value: 01273885904750687042637611515874759972
.dpm.demdex.net/	1970-01-21 02:14:13	Name: dpm Value: 01273885904750687042637611515874759972

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://epsilon.6sense.com/v3/company/details Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
abm-tracking.demandscience.com
analytics.twitter.com
aorta.clickagy.com
app.hubspot.com
b.6sc.co
c.6sc.co
c.bing.com
c.clarity.ms
cdn.jsdelivr.net
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
cta-service-cms2.hubspot.com
d.agkn.com
dpm.demdex.net
epsilon.6sense.com
fieldeffect-8376691.hs-sites.com
fieldeffect.com
forms-na1.hsforms.com
get.fieldeffect.com
hemsync.clickagy.com
insight.adsrvr.org
intentstream.contanuity.com
ipv6.6sc.co
j.6sc.co
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hubspot.com
js.usemessages.com
js.zi-scripts.com
n.clarity.ms
perf-na1.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
snap.licdn.com
static.ads-twitter.com
static.hsappstatic.net
stats.g.doubleclick.net
sync.crwdcntrl.net
t.co
tags.clickagy.com
track.hubspot.com
tracking.contanuity.com
tracking.g2crowd.com
unpkg.com
us-u.openx.net
ws-assets.zoominfo.com
ws.zoominfo.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
aorta.clickagy.com
tracking.contanuity.com
104.18.37.212
104.244.42.195
108.128.111.241
13.107.42.14
13.74.129.1
146.75.120.157
172.175.234.12
18.185.153.148
199.60.103.92
2.17.100.210
2001:4860:4802:32::36
2600:9000:211e:200:4:8491:f2c0:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:67e4
2606:4700:4400::ac40:991b
2606:4700::6810:4c8e
2606:4700::6810:752b
2606:4700::6810:7574
2606:4700::6810:762b
2606:4700::6810:7674
2606:4700::6811:190e
2606:4700::6811:80ac
2606:4700::6811:afc9
2606:4700::6811:b05b
2606:4700::6811:f9cb
2606:4700::6812:1fb0
2606:4700::6812:593e
2606:4700::6812:ba1f
2606:4700::6812:e072
2606:4700::6813:afbc
2620:1ec:21::14
2620:1ec:bdf::45
2620:1ec:c11::237
2a00:1450:4001:806::200e
2a00:1450:4001:80b::2003
2a00:1450:4001:827::2003
2a00:1450:4001:828::2004
2a00:1450:4001:82f::2008
2a00:1450:400c:c00::9d
2a02:26f0:480:15::213:7e4a
2a02:26f0:7100::210:172
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
3.216.176.3
3.33.220.150
3.65.167.176
34.227.41.47
34.98.64.218
44.226.187.177
52.29.221.165
52.32.164.86
54.203.236.163
63.34.165.131
65.9.99.119
93.184.221.165
032ea34532c8bd91b3f3ceedc9a7d78bb4945c3e56c1a979fae739d911c9ec80
04161e486133cc920594f0db34c671cf8fccb2f77c52ae370c5cfdd9cddbb8ec
0771d9c32e20a214df47dad110ac08814699b20fb7985ff037c5cdf4dbab71c9
080a485f94dee0e757572d6258ffb9faa1bf8876bef1aa5f60e15a81d54c4709
0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a
0ee4d72cfa92d6e177c2b50e36c23bf887bb5ee4e7c503e275eaeec023292518
106fcd8d723eda7d92a26893a439ccef998e5fc68ad228253607143d801e8cd8
16372f4b218b228a8059715a7b3895a75da6d917b1832332461a7aeeb3c62658
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e
1d094c57afe20d13a9d64937994e84ebd2c2b72d7f79a077d76a61202747132b
1d907b5146eecbfde14b03c00f775105a8ce5dc9935c0787394faffe2b47c752
251bc4dac068150964b18443047be6b42cfc980b3c0ca8343703d30222db9c7b
29f11448b5d2c4e4d0435b7c1b4ca01faeca222f410e7367d71047a100fd20cc
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4
2f42e70cbe23d39deb4062845aeddc5a99c57d5ff64ddeff78cbdec8b72cebba
2f66067e2a27bb43ee565e99e2443c730566de52f3f9620bfaf8a2256802aec3
3690977a35c191d7d7f4760508961892c5bf9770268a383c8117b24184038be6
398e07031797441bf4d98bb6d279a51ed2c89ed1edb24746413d4e83475adfeb
3f7fef0f9eb9a243d5f0624cb7b21e214456b086a73a913238c756c010f6fd20
401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56
407e49aad6318500c6ba945728009ef398b07832777d9828bf7fe8bf2720a101
43c369fc28dd8cffd0a38ac8a3dbc8428c59cb13dee0bfa4bc6766f0461d84bc
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4558ceef5eb47f7548acb78c26f29d48a4e5424d5797e3a636f157904a324d17
46cec6034070fe1797cd1b93c36c74a6b84676a2c9fb4a51b5bcb5f595dc8b27
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50f99b82ed6cf98e786f43421f67d8aaa99a83323a0a9cc27b772f0e6fff5643
547e6b7bb1236db2f1b7c783bfde93fb5b739d25a3b2667d786c84536f62751b
5a7aa7b9163f21333a3bb48a27c1566941d2090ed5900995f65c3f7cea9e48ae
5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e
5fb9e0125248670801eaca7518e5a90b2227b0842510a248c5824b2ccab00c59
60d1213a81cce1bd06e43d798d2b64cc8eb3ac1dc7c787e4d5f886286b57216c
632ae2a19dd0817549172e38d37d628124c089c4466c0dca78378c8a78e3f1e1
63bae03aa97278acb1d6f7863e593999bbdc5d280d2fa5a3050f234ce5eee850
68b594d79a955d4237d365555d137be2842068c263d444f583556ee1f9a8cbc1
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c0260156c38097010d0872cf2f3399b2f91435e18d9ea6b4fc2ffddb2ff8475
701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f
74ba745782c52cdc05aaca40f5b5c028885862e7cc0c1cba55b816494922ed65
74dcc1eb2c6f66c23a2fcafd5aeeae1bc9f6570346cd243ba075a4f5ba130dc6
753b5d77684b20581dddd43b3a944bca93a44da9e6dee0c8232ca6ed8a40ead5
7d23a3cba9c9e734b155c86294109c51ccd1b340b990dda6616427ba39b988db
7e08e251c0af37ba389ca0fe5ee33d1e775f4834a954e9a6dd63867e0201f277
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
863886e2347be57cf71d7ed3fc614593e94bbce61858cd8c0761ba7a78d2ace4
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
88edb9eacd4acd1da8317a7d0b42102b306cbaf845dee134b1b8ae301c07fda6
8a120f192756fe1c031a5f91ddce5468fdf85f82d49ae97d013184d2527f192c
8bd1d6f1e92a9f8772f95e5a0f83f234d7cb0a5cfc007b8d69af510604182d70
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e0d4f497ab9f2fc0efa1aad4ac7f40150d0d199cb81886073092db1c30ed004
942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52
98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
9ab69e4200ed8a63d29d0966e179af0cc027fcffa9db4853b3e30ba47683d6ec
a04b3fb2da61d25730381475b77301c784794c854e38eb43f7154a91cc86344e
a625dd8b7eeb924d21443f059763ceefe2def98d2eb2d502ad854fd28c0b8669
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab1fca31f7e7a89c198881e69c42c6bb3578b7d55f2cee7463b96360feaf7eaa
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b166325a741179c6228f1e49e91352f60d6f1625e654c5be39c2ccad286d4c8c
b4d54be775dcbe5b184f6bc4793d5e1c7108c126cbff61996208f0d95e8ca162
b7bcabdeabc928df5f998a410f656db22b6d8973ad3b73851feaba2ee6a44bc8
c114a5641b9988aecb7a00c47bd1d37d912883ff4ef9c3b9fe6ad21603ab1066
c7592ffb4f9f7fe5c31c307e1325ed498e6ba3fface6c47bef29c2742e835bc3
c7f0b3e94e955c82b7bce15572d9b6a75ccd1e01f8ad8b56dee077885d2277cc
ca7247cde6ae2932ad479710e5334f38439d631c3d12eae9f20833dd334016a6
d705609a7da1575b4d4bb938000def4fc3f97dbb24716a424676bb2f18b1bd5e
da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0110d5fcb8a76e8c3b3fec74376611bd9b5d9f34958e17d94be294ed4e8051e
e0dd134369437980e757ce931cfbbeca66ba8216e801dc31cc4914bca1e5b247
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8feebb97ce6421410861d68239e42b173e51481ccc6bd6f4dee4331d57ec830
eb9b5ee0aadf6649018956ebe3b18bddbcff0e7a41c9dedadf1e9dbe5498a5e0
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f001992caedc1d614ce3526a993abecffc597ee0a1483221a56aac3c36b60f40
f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e
f4d1e641d47b4af1b6cb7936c59626f4dbab3933473009b447406034c34facb5
f7d2d43c27a110c071106da977e0f779f3c60845234cec1e5be6b457d53de09a
f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52
fb17fd6899c7a1c9e6ae282ada120324605202725d179347f8ea1ee49d8f1e22
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fc7f6934f05c8fa605f99a2c98b922c180d08113ef20b14ddc517b12bf8008a7
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

fieldeffect.com Open in urlscan Pro 199.60.103.92 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

135 Requests

95 %HTTPS

61 %IPv6

41 Domains

62 Subdomains

52 IPs

6 Countries

2395 kBTransfer

5696 kBSize

50 Cookies

13 Outgoing links

Redirected requests

135 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

fieldeffect.com Open in urlscan Pro
199.60.103.92 Public Scan

Screenshot
Live screenshot

Full Image

135
Requests

95 %
HTTPS

61 %
IPv6

41
Domains

62
Subdomains

52
IPs

6
Countries

2395 kB
Transfer

5696 kB
Size

50
Cookies

135 HTTP transactions
2 data transactions