www.menlosecurity.com Open in urlscan Pro
52.206.163.162  Public Scan

15 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 85

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1723367623503&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1723367623503&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D474058%26time%3D1723367623503%26url%3Dhttps%253A%252F%252Fwww.menlosecurity.com%252Fblog%252Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1723367623503&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1723367623503&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true&liSync=true&e_ipv6=AQJRYhSqnMq_WAAAAZFAtw5Y-vWqyJjKoo4lMfsY7JySdT7dXGgDfNuOEdY2kfMmvebaIw

147 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Show response www.menlosecurity.com/blog/	83 KB 20 KB	760ms 238ms	Document text/html	52.206.163.162 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.206.163.162 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-206-163-162.compute-1.amazonaws.com Software / Resource Hash a167cd769d22f6c5152ebf7eb90ee92427262c76490d162188e1eb73bb14ba91 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers accept-ranges bytes age 138386 content-encoding gzip content-length 20498 content-type text/html date Sun, 11 Aug 2024 09:13:41 GMT strict-transport-security max-age=31536000; includeSubDomains vary x-wf-forwarded-proto, Accept-Encoding x-cache HIT x-cache-hits 1 x-cluster-name us-east-1-prod-hosting-red x-content-type-options nosniff x-frame-options DENY x-lambda-id d7581b42-c401-44f8-803d-4d1fb581a7cf x-served-by cache-iad-kcgs7200020-IAD x-timer S1723367622.655972,VS0,VE1
GET H3	200	menlo-dev.e7c113e4e.min.css cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/	399 KB 64 KB	157ms 84ms	Stylesheet text/css	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.e7c113e4e.min.css Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4afcd70771adcb5864e328e8174d41476cb95c3aa414e2801759704b248d654d Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:41 GMT content-encoding gzip x-amz-version-id OOdwn_n_9mebHot_T1qhGGgYjRqXuSaI cf-cache-status HIT x-amz-request-id RHGJEN62ZP2PT5HE age 333956 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 65251 x-amz-id-2 dmJOPQ4EVdD9cvRdSmTHoNWZ7deGJmAEjMW9ZuSwig17pi9VrWO6eFMcoqGzI3zKt15+5Wm+Bv0= last-modified Tue, 06 Aug 2024 21:42:30 GMT server cloudflare etag "31da0063514efc93bb2b06a00f5f02c0" vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control public, max-age=31536000, immutable accept-ranges bytes cf-ray 8b171c7528e2cb85-LAX
GET H2	200	OtAutoBlock.js Show response cdn.cookielaw.org/consent/1a750de4-f18f-43d4-8b13-4ead3aa824f4/	358 KB 48 KB	210ms 80ms	Script application/x-javascript	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/consent/1a750de4-f18f-43d4-8b13-4ead3aa824f4/OtAutoBlock.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 66085b432bc3474a30eb6ec42867637b57e188fe812259c26a11bb5efc9b957e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT strict-transport-security max-age=31536000; includeSubDomains; preload age 46182 content-md5 LTHIY1gTOdIL3NGZgnLi+A== content-length 49235 x-ms-lease-status unlocked last-modified Mon, 22 Jul 2024 21:21:49 GMT server cloudflare etag 0x8DCAA944C815162 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id af77a272-c01e-0055-1a7d-dc78fd000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b171c758bbe5331-LAX expires Mon, 12 Aug 2024 09:13:42 GMT
GET H2	200	otSDKStub.js Show response cdn.cookielaw.org/scripttemplates/	21 KB 7 KB	202ms 73ms	Script application/javascript	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/otSDKStub.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 Wbr2pAeg61Hfi+2FuD0cYA== age 61270 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 6882 x-ms-lease-status unlocked last-modified Thu, 08 Aug 2024 20:27:00 GMT server cloudflare etag 0x8DCB7E874D2EB3B vary Accept-Encoding content-type application/javascript access-control-allow-origin * x-ms-request-id fc958ea1-c01e-0099-508c-ea1c48000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b171c758bbf5331-LAX
GET H3	200	65b30af079f2a57286546248_icon-rounded-close-icon.svg cdn.prod.website-files.com/6536e5317bf92f62050c3585/	311 B 613 B	141ms 71ms	Image image/svg+xml	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/65b30af079f2a57286546248_icon-rounded-close-icon.svg Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9da14942229f055eb8acb3012a6e1fadcff12d6db2a9736e685a1113539468ba Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:41 GMT x-amz-version-id zbIvUCgae1xaV2oBYvtk4AbFl.T7lTFF content-encoding br cf-cache-status HIT x-amz-request-id SQD2SWG9VXPAFX0T age 3341039 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 9elzvLirC1/Qk/gA7iVCJFdjoCnXMndxkIP2XP0JKThX/VcteBjzHp/Fs5uFH0XuvRac1mwCVZ6BCR8E4v63K2O1PQgOuc4NyNguswVUFNE= last-modified Fri, 26 Jan 2024 01:29:21 GMT server cloudflare etag W/"05edd6e8fc673e0b58d2a5408c1359ac" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control max-age=31536000, must-revalidate cf-ray 8b171c7528decb85-LAX
GET H2	200	forms2.min.js Show response info.menlosecurity.com/js/forms2/js/	199 KB 67 KB	462ms 84ms	Script application/x-javascript	104.17.71.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://info.menlosecurity.com/js/forms2/js/forms2.min.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Fri, 19 Jul 2024 20:11:11 GMT server cloudflare age 2083 etag "bc080e-31b30-61d9f4beb95c0" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=14400 cf-ray 8b171c771cadfaf4-SJC expires Sun, 11 Aug 2024 13:13:42 GMT
GET H2	200	jquery-3.5.1.min.dc5e7f18c8.js Show response d3e54v103j8qbb.cloudfront.net/js/	87 KB 30 KB	477ms 156ms	Script application/javascript	18.239.166.113 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6536e5317bf92f62050c3585 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.239.166.113 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-239-166-113.bos50.r.cloudfront.net Software AmazonS3 / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Request headers Referer https://www.menlosecurity.com/ Origin https://www.menlosecurity.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 01:25:55 GMT content-encoding br via 1.1 2032fc652efa8b24e72db743fa879d26.cloudfront.net (CloudFront) age 28068 x-amz-cf-pop BOS50-P3 x-cache Hit from cloudfront last-modified Mon, 20 Jul 2020 17:53:02 GMT server AmazonS3 etag W/"dc5e7f18c8d36ac1d3d4753a87c98d0a" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=84600, must-revalidate vary Accept-Encoding x-amz-cf-id aAQ-Gy-Sxf0bq865_4AR-6QyjnfdCF7UNfuuU3oOdkhPCtb1c2xc_w==
GET H3	200	menlo-dev.43f68d26a.js Show response cdn.prod.website-files.com/6536e5317bf92f62050c3585/js/	908 KB 114 KB	76ms 74ms	Script text/javascript	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/js/menlo-dev.43f68d26a.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2c26575c70e1f144946996d028e93d4de37a5c43629095ef46bc15078654e777 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-amz-version-id 9l4sj4xe2smax.8Sqt5EKFsbOteMfCLt cf-cache-status HIT x-amz-request-id TGAM9VHNFBJWD61F age 908618 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 116075 x-amz-id-2 nYgPjt7a8JGnFyLuJhmCede0pDTSFxZLemrARfa8cszxrEosqVqIg0OjUxsUys6KsTvkkhokTZI= last-modified Wed, 31 Jul 2024 16:59:59 GMT server cloudflare etag "5d3ed82cc095c2d89bd10104b70496eb" vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000, immutable accept-ranges bytes cf-ray 8b171c76fd24cb85-LAX
GET H2	200	1a750de4-f18f-43d4-8b13-4ead3aa824f4.json Show response cdn.cookielaw.org/consent/1a750de4-f18f-43d4-8b13-4ead3aa824f4/	5 KB 2 KB	205ms 82ms	XHR application/x-javascript	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/consent/1a750de4-f18f-43d4-8b13-4ead3aa824f4/1a750de4-f18f-43d4-8b13-4ead3aa824f4.json Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5239a4bee550e05899d6ebde8bcfb8fa9accbadf106d84ed9e1a748e3cdbb2f4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT strict-transport-security max-age=31536000; includeSubDomains; preload age 35815 content-md5 R4GFYjosYh4TMDPIsadpIg== content-length 1746 x-ms-lease-status unlocked last-modified Mon, 22 Jul 2024 21:21:49 GMT server cloudflare etag 0x8DCAA944C733065 vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id be3e486b-a01e-00cd-757d-dcf6c2000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b171c77bd0c14e0-LAX expires Mon, 12 Aug 2024 09:13:42 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	340 KB 112 KB	385ms 141ms	Script application/javascript	2607:f8b0:400d:c09::61 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 61df6c880c986c56db2d2c847bf34b6c210b8745cefb8733052918e9fd6390f0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 114066 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Sun, 11 Aug 2024 09:13:42 GMT
GET H2	200	embed.js Show response hubfront.hushly.com/	210 KB 62 KB	742ms 411ms	Script application/javascript	2600:9000:20ee:5e00:13:a3bc:6800:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://hubfront.hushly.com/embed.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ee:5e00:13:a3bc:6800:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software nginx / Resource Hash 18840d2a5c11179ce4b6ed036b25a33917d7a329e36f5d7dcb5111c5ff681a37 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip via 1.1 0ab29486c1646bf2c232b2b39da771e2.cloudfront.net (CloudFront) last-modified Thu, 20 Jun 2024 09:19:49 GMT server nginx x-amz-cf-pop BOS50-C2 etag W/"6673f435-34704" x-cache Miss from cloudfront content-type application/javascript x-amz-cf-id VXVQkKSwCx5IHqJQcxhPUDqEjvocKrpeq0AnGl7AeSaTaK5-O1f00g==
GET H2	200	j.php Show response dev.visualwebsiteoptimizer.com/	32 KB 9 KB	216ms 71ms	XHR application/javascript	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://dev.visualwebsiteoptimizer.com/j.php?a=910208&u=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&vn=2.1&x=true Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gla2 / Resource Hash 218967692cd22dde48ba8c031638607c751ce76dfbe333776181b2e0dd1120ff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip via 1.1 google server gla2 etag W/"1723194789_EA" vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin https://www.menlosecurity.com cache-control public, max-age=0, no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET H2	200	6536ffc6d42c74fdfbff0fc4_Roboto-Regular.ttf assets.website-files.com/6536e5317bf92f62050c3585/	164 KB 87 KB	519ms 151ms	Font application/x-font-ttf	2600:9000:27aa:3a00:11:3b84:d200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.website-files.com/6536e5317bf92f62050c3585/6536ffc6d42c74fdfbff0fc4_Roboto-Regular.ttf Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.e7c113e4e.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:27aa:3a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14 Request headers Referer https://cdn.prod.website-files.com/ Origin https://www.menlosecurity.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Fri, 02 Aug 2024 23:48:32 GMT x-amz-version-id 05LPmbO2M9nNQswHGx2VlZpg6J3t6zB8 content-encoding gzip via 1.1 947270fd040d799dde5f709fe68613e8.cloudfront.net (CloudFront) age 725111 x-amz-cf-pop PHL51-P2 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-storage-class INTELLIGENT_TIERING last-modified Fri, 01 Dec 2023 10:22:22 GMT server AmazonS3 etag W/"8a36205bd9b83e03af0591a004bc97f4" vary Accept-Encoding content-type application/x-font-ttf access-control-allow-origin * cache-control max-age=31536000, must-revalidate x-amz-cf-id ANdQBdhU7v6ZWzC5GDWPK0QmLH2JRKPc0mRNvJNb9XhQWVs5oM7UTA==
GET H3	200	65d0f2dae177d376b0c2edf8_White_Search_Icon.svg cdn.prod.website-files.com/6536e5317bf92f62050c3585/	931 B 894 B	155ms 154ms	Image image/svg+xml	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/65d0f2dae177d376b0c2edf8_White_Search_Icon.svg Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.e7c113e4e.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0316b910e0a7b4b953bfe8cf73598737ecaf0950899b00bf3bbbbff1b1038d96 Request headers Referer https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.e7c113e4e.min.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id QJZPo1tWQCMoT6Cd4jwSQEVJ8Jt9H79J content-encoding br cf-cache-status HIT x-amz-request-id 7CPSB4ABN94HYY0D age 3345787 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 4Qh1WO19wwmSX1E/CkCE6h3QmwoZANHC7c03q/AWsCRMgDvWYuXBU46KK/eHduXNk88dD8+awl8= last-modified Sat, 17 Feb 2024 17:54:35 GMT server cloudflare etag W/"366f7ad07f086ba27b215e5a4a6339c4" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control max-age=31536000, must-revalidate cf-ray 8b171c773db6cb85-LAX
GET H2	200	6536fedde312752da0449705_Raleway-VariableFont_wght.ttf assets.website-files.com/6536e5317bf92f62050c3585/	302 KB 163 KB	700ms 390ms	Font application/x-font-ttf	2600:9000:27aa:3a00:11:3b84:d200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.website-files.com/6536e5317bf92f62050c3585/6536fedde312752da0449705_Raleway-VariableFont_wght.ttf Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.e7c113e4e.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:27aa:3a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8e7948221210e0bff86b70de2a2e893e24e0d9c5a16a5db0aa47834b88bf1998 Request headers Referer https://cdn.prod.website-files.com/ Origin https://www.menlosecurity.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Fri, 02 Aug 2024 23:48:32 GMT x-amz-version-id W6TaNt0ziNCYiA6KR0lQ_yg4yL4jsmS5 content-encoding gzip via 1.1 947270fd040d799dde5f709fe68613e8.cloudfront.net (CloudFront) age 725111 x-amz-cf-pop PHL51-P2 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-storage-class INTELLIGENT_TIERING last-modified Mon, 23 Oct 2023 23:19:05 GMT server AmazonS3 etag W/"3ec1aa8901bbee53c49cc8b4e011a0e1" vary Accept-Encoding content-type application/x-font-ttf access-control-allow-origin * cache-control max-age=31536000, must-revalidate x-amz-cf-id t3VdIxAqAjzvpOyvgdQ1BgFEgupsrGOTCcd2h0sosUs8ts6n9jPoFg==
GET H2	200	6536ffc62cf41f78f153fcb5_Roboto-Bold.ttf assets.website-files.com/6536e5317bf92f62050c3585/	163 KB 87 KB	951ms 642ms	Font application/x-font-ttf	2600:9000:27aa:3a00:11:3b84:d200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.website-files.com/6536e5317bf92f62050c3585/6536ffc62cf41f78f153fcb5_Roboto-Bold.ttf Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.e7c113e4e.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:27aa:3a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash ec685a46105296fe46c8744da4a11cf8118ba6c11271941766f7a546df6aa7c7 Request headers Referer https://cdn.prod.website-files.com/ Origin https://www.menlosecurity.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Fri, 02 Aug 2024 23:48:32 GMT x-amz-version-id DEN3jsgRev_OY_LYX5MYpkpFwV.0RnKX content-encoding gzip via 1.1 947270fd040d799dde5f709fe68613e8.cloudfront.net (CloudFront) age 725111 x-amz-cf-pop PHL51-P2 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-storage-class INTELLIGENT_TIERING last-modified Mon, 23 Oct 2023 23:20:40 GMT server AmazonS3 etag W/"b8e42971dec8d49207a8c8e2b919a6ac" vary Accept-Encoding content-type application/x-font-ttf access-control-allow-origin * cache-control max-age=31536000, must-revalidate x-amz-cf-id QFAcJpNLfheyww0ZVa2j38fmH83UB51M-XEFG00I2QObQ8rl_p8mPQ==
GET H2	200	6536ffc61a22f00ee539de31_Roboto-Italic.ttf assets.website-files.com/6536e5317bf92f62050c3585/	167 KB 88 KB	854ms 544ms	Font application/x-font-ttf	2600:9000:27aa:3a00:11:3b84:d200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.website-files.com/6536e5317bf92f62050c3585/6536ffc61a22f00ee539de31_Roboto-Italic.ttf Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.e7c113e4e.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:27aa:3a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 99e4a85061136e99e052929ed0d85e36384fba5c34b773139a8f64339c609943 Request headers Referer https://cdn.prod.website-files.com/ Origin https://www.menlosecurity.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sat, 03 Aug 2024 10:38:24 GMT x-amz-version-id K.6cn7P.TKQlJpc2rwPUk4An9TToDFe_ content-encoding br via 1.1 947270fd040d799dde5f709fe68613e8.cloudfront.net (CloudFront) age 686119 x-amz-cf-pop PHL51-P2 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-storage-class INTELLIGENT_TIERING last-modified Thu, 01 Feb 2024 14:50:44 GMT server AmazonS3 etag W/"cebd892d1acfcc455f5e52d4104f2719" access-control-max-age 3000 access-control-allow-methods GET, HEAD content-type application/x-font-ttf access-control-allow-origin * cache-control max-age=31536000, must-revalidate vary Accept-Encoding x-amz-cf-id 68hkvDrFxVkCDNwkbYvY-E3DD06X7AZncoCLh-rG7HZofqnFQPED4w==
GET H2	200	6536ffc6ee31b63c515fef73_Roboto-Black.ttf assets.website-files.com/6536e5317bf92f62050c3585/	164 KB 88 KB	908ms 599ms	Font application/x-font-ttf	2600:9000:27aa:3a00:11:3b84:d200:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.website-files.com/6536e5317bf92f62050c3585/6536ffc6ee31b63c515fef73_Roboto-Black.ttf Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.e7c113e4e.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:27aa:3a00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 5ace0d0833ab83ff18ea94e4a7745f919c458ae4eabc298218226df4275ccd4d Request headers Referer https://cdn.prod.website-files.com/ Origin https://www.menlosecurity.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Fri, 02 Aug 2024 23:48:32 GMT x-amz-version-id LC7K49D5wH6tDKXFHytipUF6mcbcdjJd content-encoding gzip via 1.1 947270fd040d799dde5f709fe68613e8.cloudfront.net (CloudFront) age 725111 x-amz-cf-pop PHL51-P2 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-amz-storage-class INTELLIGENT_TIERING last-modified Mon, 23 Oct 2023 23:20:39 GMT server AmazonS3 etag W/"d6a6f8878adb0d8e69f9fa2e0b622924" vary Accept-Encoding content-type application/x-font-ttf access-control-allow-origin * cache-control max-age=31536000, must-revalidate x-amz-cf-id iXNegN2hfVjuO2vtbtU065dSORMBaSa3YYWL3wjWxC0O9p-jy2sZzg==
GET H3	200	6569c2d88d994c80155279c5_Menlo_circle-arrow%E2%80%94Transparent.svg cdn.prod.website-files.com/6536e5317bf92f62050c3585/	428 B 691 B	125ms 125ms	Image image/svg+xml	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6569c2d88d994c80155279c5_Menlo_circle-arrow%E2%80%94Transparent.svg Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 889d25db4b8baec5af49f52ba44f9aabf5d3ed27620850a9fd1645746dd76668 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id OTQZHJDi9C8m5Sp0xUE2N0Mz_8m_sV6H content-encoding br cf-cache-status HIT x-amz-request-id TER1SVNZZWHVR8CK age 6191954 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 uCwsDbSO+wxfHmzwUsYkXC8djXKILcJbZPFjUAQhRM2AZzIaIggo8upVZhH7ULmvD6Pi9nbIiMU= last-modified Fri, 01 Dec 2023 11:28:41 GMT server cloudflare etag W/"684db38c541a2e1cbfaf34c61d643ed8" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control max-age=31536000, must-revalidate cf-ray 8b171c776e30cb85-LAX
GET H3	200	6564ef8254ba69f9582df989_menlo-logo-new.png cdn.prod.website-files.com/6536e5317bf92f62050c3585/	7 KB 8 KB	127ms 126ms	Image image/png	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef8254ba69f9582df989_menlo-logo-new.png Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ca681b2b9b415d35f4ceef886b26398a76b29856294f94751f910f44dc8e14e7 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id 6oM0EjA5C1tlifHw4zqf2v1C6h_csXyZ cf-cache-status HIT x-amz-request-id 7CPRPKPY9P6ZNFA0 age 6191954 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 7413 x-amz-id-2 NLDpgFmZarwgJLtzB93x0wYLku0MDWVQEeob98iEFkmtGGqFIm31vPwzAoA/g5g0ntKOoroVNbs= last-modified Mon, 27 Nov 2023 19:35:31 GMT server cloudflare etag "0c2965a583039629321663d795f35155" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes cf-ray 8b171c776e35cb85-LAX
GET H3	200	66ad619b81509e4a6841a53d_Open_Redirect_Phishing_Blog-p-800.png cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/	42 KB 43 KB	125ms 122ms	Image image/png	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ad619b81509e4a6841a53d_Open_Redirect_Phishing_Blog-p-800.png Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e554018da507fd04163fb677e722753bb29816977b22722329b744124dee2f12 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id ZNU9xQ9OOFrzGB8h5wZpNqHn9xVZlMrJ cf-cache-status HIT x-amz-request-id 2GFBZ1R9ABCJ2D52 age 334043 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 43421 x-amz-id-2 rV8aT2VK4vqhBdJdUIiCl4pBFtCsg+OIZe/MRC1d93yDNy9p7UgtHxBjrDmBMhow8NJmPBhjaXgwXaU9sw+ZdLBDCd/OsItq3AJe+DVj/mM= last-modified Fri, 02 Aug 2024 22:45:51 GMT server cloudflare etag "1009f0b698b8bdbcefd0459ae148dd78" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes cf-ray 8b171c777e44cb85-LAX
GET H3	200	66ac273c0c88bc05a9a79af9_66ac23f4d71c1540865a4e0b_Fake%2520_Amazon-Securty_Alert_email%25402x.png cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/	155 KB 156 KB	125ms 122ms	Image image/png	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ac273c0c88bc05a9a79af9_66ac23f4d71c1540865a4e0b_Fake%2520_Amazon-Securty_Alert_email%25402x.png Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2f402adb6d872721d16ac6d180640bc134f0d3001f57c5a1b2fbf3ea5f18aaea Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id jvhJcR0G859aTuSfr0ujA8pIzj.A44Dp cf-cache-status HIT x-amz-request-id WJPWDH7MKQXPF227 age 16979 x-amz-server-side-encryption AES256 x-amz-storage-class INTELLIGENT_TIERING alt-svc h3=":443"; ma=86400 content-length 158830 x-amz-id-2 Wud2cgZ2bjp0kKNg3t4NCsUgzXRkYdUcxUHlTPslJzIZOfAZ2t0Xyc9L+TUXG3iKOXUo4OCREGw= last-modified Fri, 02 Aug 2024 23:50:32 GMT server cloudflare etag "aec569d1bd70234864be0a4d54cd3b83" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=84600, must-revalidate accept-ranges bytes cf-ray 8b171c777e47cb85-LAX
GET H3	200	66ad5f8e4db6581a0b0d50fc_66ad5e4e0cb9e4274bfab983_GoogleDraw_Redirect_Phishing_Chain.png cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/	430 KB 430 KB	126ms 123ms	Image image/png	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ad5f8e4db6581a0b0d50fc_66ad5e4e0cb9e4274bfab983_GoogleDraw_Redirect_Phishing_Chain.png Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7d174b4fd89816f5bbc83cc796feecab85ae373950f2eedaa4899e4929eeb3f6 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id oslxSAUZNBUu7pBn2XpfwlvwHtAKms3F cf-cache-status HIT x-amz-request-id WJPJ90YBYAXH2WER x-amz-server-side-encryption AES256 x-amz-storage-class INTELLIGENT_TIERING alt-svc h3=":443"; ma=86400 content-length 439945 x-amz-id-2 twBsUB739i1VUBNcuoJ1fTZaC4XieBtbUeBUExEvMDUh2SONU+4Cwc9VLCU9Ggmmv+RO0b1CQio6W20bXbZKRA== last-modified Fri, 02 Aug 2024 23:50:31 GMT server cloudflare etag "13ca98c25a2cfb79f5cf5e3bdacfe42e" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=84600, must-revalidate accept-ranges bytes cf-ray 8b171c777e49cb85-LAX
GET H3	200	66ac2a1ef01e957976cd8815_66ac24aa6f8998d5b8c3c752_Zero-hour%2520Open%253ARedirect%2520_Pic%25202.png cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/	51 KB 51 KB	127ms 124ms	Image image/png	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ac2a1ef01e957976cd8815_66ac24aa6f8998d5b8c3c752_Zero-hour%2520Open%253ARedirect%2520_Pic%25202.png Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 528e3cc972ef7f6c2812f86e137869f6ced78785f98900aed1278f1b5a726bd9 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id nfRWNfbjGqvgK8GG8F36NxneP3VWlcg1 cf-cache-status HIT x-amz-request-id WJPSRY2V6H6BMB8D x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 52065 x-amz-id-2 phKLIqK/vigAiCdnmyOT9AEx98OluTwn0M7fSW3Yv9W8+lAehsgUfDd+cMs2BDDbfT02qMqw0YM= last-modified Fri, 02 Aug 2024 23:50:31 GMT server cloudflare etag "14fe21f7ab5876dbb32768b926238877" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=84600, must-revalidate accept-ranges bytes cf-ray 8b171c777e4ccb85-LAX
GET H3	200	66ac2a1ef01e957976cd881d_66ac2523a33e505e7c1a31dc_Zero-hour%2520Open%253ARedirect%2520_Pic%25203.png cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/	248 KB 249 KB	304ms 301ms	Image image/png	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ac2a1ef01e957976cd881d_66ac2523a33e505e7c1a31dc_Zero-hour%2520Open%253ARedirect%2520_Pic%25203.png Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4b2f97a83181796ad19a73f1b95d34632ab8db56d9f33f09cfff0ad799ef6bde Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id W0Zu2Igit1p6rrwirvQhPUYdDAdVQNyz cf-cache-status HIT x-amz-request-id WJPX1RFT0ATYVQX1 x-amz-server-side-encryption AES256 x-amz-storage-class INTELLIGENT_TIERING alt-svc h3=":443"; ma=86400 content-length 254003 x-amz-id-2 EuKv50ir1XfE659H5gjb6u+M2e7nbbBGMuS80oJitgFIFy6BOpaKxePzuxdtiIiXPXW0TC9gxQQzY6DKVtLEZQ== last-modified Fri, 02 Aug 2024 23:50:31 GMT server cloudflare etag "a2e42b92c94cf0d3c2de5ee2455064b6" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=84600, must-revalidate accept-ranges bytes cf-ray 8b171c777e4dcb85-LAX
GET H3	200	6564ef5d3a4cb7b5ea3a9057_LinkedIn_white_line_icon.svg cdn.prod.website-files.com/6536e5317bf92f62050c3585/	2 KB 2 KB	314ms 312ms	Image image/svg+xml	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef5d3a4cb7b5ea3a9057_LinkedIn_white_line_icon.svg Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f1214dfeb93c377d705ff4e3fa4026b177b09bd78db8c58fec8bed76042b22cb Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id AcNyFpFI8aAA28ygKmwAtygggpeL.GKB content-encoding br cf-cache-status HIT x-amz-request-id X81MW8332VYQZFXZ age 1780444 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 5FA8Novu1kOfowDWaVE1VYf/yp5pBabOsFnFkS2mTJnqCoPG8xg9hNKaQVpjajx+NYB9a9VYif2dRfYYEnicZg== last-modified Mon, 27 Nov 2023 19:34:54 GMT server cloudflare etag W/"3649d7f32b11c2eeaf07d7c3e255b3e4" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control max-age=31536000, must-revalidate cf-ray 8b171c777e4ecb85-LAX
GET H3	200	6564ef5d3a4cb7b5ea3a9056_Twitter_X_white_line_icon.svg cdn.prod.website-files.com/6536e5317bf92f62050c3585/	2 KB 1 KB	314ms 312ms	Image image/svg+xml	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef5d3a4cb7b5ea3a9056_Twitter_X_white_line_icon.svg Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bb1bf908b6409ef06648805751d0ab2b5266bb25cd8649f42ebdb555dba577d1 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id LRWTCcxe1O67SFrUHw2p7xzNiJE9t1LM content-encoding br cf-cache-status HIT x-amz-request-id X81GHW0QTG2VRPDK age 6191713 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 SbwjwDtQ40AlPCs3XlgOlDgewBhjqpzmHE4A88Tu3y9umHYIdoxqm/mF9GuEM2nxlJ/kiwlUVYA= last-modified Mon, 27 Nov 2023 19:34:54 GMT server cloudflare etag W/"ec3df19575f6b8918daab65f4a4395fe" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control max-age=31536000, must-revalidate cf-ray 8b171c777e4fcb85-LAX
GET H3	200	6564ef5d3a4cb7b5ea3a9055_FaceBook_white_line_icon.svg cdn.prod.website-files.com/6536e5317bf92f62050c3585/	2 KB 1 KB	315ms 312ms	Image image/svg+xml	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef5d3a4cb7b5ea3a9055_FaceBook_white_line_icon.svg Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 573a481f2f09d26d3f240670b5e8fe7c9660e34b8b436bf6b40edf291e9e410d Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id o7JKEdLK6GcbVtAiHBiLffzSk0uBmM7J content-encoding br cf-cache-status HIT x-amz-request-id X81P7A0VY3MWFX4Y age 1780444 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 4efBPN71AmMBgyHQlTe8mbpXefQJlU3SdPd8I5mtqhGBKpmsJtZuECA7Gwfrf8cK9AYmHl4Rv54= last-modified Mon, 27 Nov 2023 19:34:54 GMT server cloudflare etag W/"c306b7effae56674b98577f22bb9f84f" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control max-age=31536000, must-revalidate cf-ray 8b171c777e50cb85-LAX
GET H3	200	659c987cfb5d1e96866d5723_email_white_line_icon.svg cdn.prod.website-files.com/6536e5317bf92f62050c3585/	2 KB 1 KB	314ms 312ms	Image image/svg+xml	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/659c987cfb5d1e96866d5723_email_white_line_icon.svg Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6ded09789782fad99733cac6a94fc617f55aae1605849fa40c2b21db8a5eec34 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id fG1pMh0vPM9GwN628Hq8vJ4YzhiRfPiK content-encoding br cf-cache-status HIT x-amz-request-id 3QDJACSF2TZ140FH age 541321 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 hD8JQbX2xmsvKlg8xfgRTuauetoiunxZyJR6/cXcM78YvcR6IwXedXyAkXXq18C7PKrgfME9zgzDCLv1hUuX1g== last-modified Tue, 09 Jan 2024 00:51:10 GMT server cloudflare etag W/"6bb63141af64165f33d46a4826528814" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control max-age=31536000, must-revalidate cf-ray 8b171c777e52cb85-LAX
GET H3	200	668467a960b3d1dabe55bc5f_Report_H_Cyber-Gangs.png cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/	161 KB 161 KB	316ms 314ms	Image image/png	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/668467a960b3d1dabe55bc5f_Report_H_Cyber-Gangs.png Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 741b4bf86c9ecab30e483e9e90ed39c90503196047817d04c1279693dcffd9e1 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id ODTUf9LDHquVVFC0Q536TWgu.LFmuiCX cf-cache-status HIT x-amz-request-id ZYC30TW9TAMH9X9K age 402281 x-amz-server-side-encryption AES256 x-amz-storage-class INTELLIGENT_TIERING alt-svc h3=":443"; ma=86400 content-length 164861 x-amz-id-2 xnmBu4tbJ7ceqMC6nGielf3ss0oHo1XQMKGibSYArOnGKOvaX9ukkG8Bl2J8PiYwPRAxJFIvd60= last-modified Tue, 02 Jul 2024 20:48:42 GMT server cloudflare etag "df4915daf07d75f5db42884380f453ff" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes cf-ray 8b171c777e54cb85-LAX
GET H3	200	6569c1ab2800036a4d82da3e_Menlo_circle-arrow%E2%80%94Orange.svg cdn.prod.website-files.com/6536e5317bf92f62050c3585/	431 B 678 B	368ms 367ms	Image image/svg+xml	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6569c1ab2800036a4d82da3e_Menlo_circle-arrow%E2%80%94Orange.svg Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3b7b6e95be24a1a3898f651bec06bb95389d379b49b1f1b0f9a1f4f9fdfb12bc Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id KAN4xukQJ9M_c85FEWZgwpefEOgAmQid content-encoding br cf-cache-status HIT x-amz-request-id 7ZPB94DAMHJMMPCP age 527545 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 Ao757ps8Oxbl2c1KtpRfTbjSJETqWEfpEQ8LiN7OmdZTz/xADCo3geM4eNO2kl7vU8181u1wWrA= last-modified Fri, 01 Dec 2023 11:21:17 GMT server cloudflare etag W/"542e4012b8e5a35ffab762743a6519df" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control max-age=31536000, must-revalidate cf-ray 8b171c777e55cb85-LAX
GET H2	200	getForm Show response info.menlosecurity.com/index.php/form/	23 KB 5 KB	292ms 291ms	Script application/javascript	104.17.71.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://info.menlosecurity.com/index.php/form/getForm?munchkinId=281-OWV-899&form=2571&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&callback=jQuery37107500778269003816_1723367622386&_=1723367622387 Requested by Host: info.menlosecurity.com URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 363da60249f517d2fe45e6e0f9159caab53fc49a7bae4f660fea38ed7f2ad0bd Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip server cloudflare cf-ray 8b171c785db1faf4-SJC cached true vary Accept-Encoding content-type application/javascript; charset=utf-8
GET H2	200	location Show response geolocation.onetrust.com/cookieconsentpub/v1/geo/	71 B 309 B	205ms 79ms	XHR application/json	2606:4700::6812:1d7f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1d7f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4da8a6638ad70698ad3d01aa0ef124aebe35c297685c0796b174822f597b1d09 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept application/json Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip server cloudflare vary Accept-Encoding access-control-allow-methods GET, OPTIONS content-type application/json access-control-allow-origin * cf-ray 8b171c792ded69bc-LAX access-control-allow-headers Content-Type
GET H3	200	worker-901866d454d4d566d4cdb1be47c31eddbr.js Show response dev.visualwebsiteoptimizer.com/edrv/	258 KB 63 KB	126ms 63ms	XHR text/javascript	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://dev.visualwebsiteoptimizer.com/edrv/worker-901866d454d4d566d4cdb1be47c31eddbr.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gla2 / Resource Hash 1f1889718b45ffbc73b50e9847f5baf05067172aef4e4aa9736f4c7d152f7f83 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding br via 1.1 google last-modified Fri, 09 Aug 2024 09:12:46 GMT server gla2 etag "66b5dd8e-fa3a" vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 64058
GET H3	200	va_gq-4bfd5099c74de7f52e7b801fb9aff9c8br.js Show response dev.visualwebsiteoptimizer.com/edrv/	267 KB 69 KB	131ms 68ms	XHR text/javascript	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://dev.visualwebsiteoptimizer.com/edrv/va_gq-4bfd5099c74de7f52e7b801fb9aff9c8br.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gla2 / Resource Hash ddd573dd01884add0f02bead17f04f416477b3f3c289b55e8bc510ddddf61882 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding br via 1.1 google last-modified Fri, 09 Aug 2024 09:12:49 GMT server gla2 etag "66b5dd91-1147e" vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 70782
GET H2	200	v.gif dev.visualwebsiteoptimizer.com/	35 B 146 B	126ms 125ms	Image image/gif	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=910208&d=menlosecurity.com&u=D7E4597851CE735EE8D06AE9749ECC8A6&h=58ec97ebdc894a0058e43888743015e4&t=false Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gnv03c / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT via 1.1 google x-content-type-options nosniff server gnv03c content-type image/gif access-control-allow-origin * cache-control public, max-age=43200 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35
GET H3	200	6564ef5d3a4cb7b5ea3a9059_Footer_grad_background_01.svg cdn.prod.website-files.com/6536e5317bf92f62050c3585/	963 B 935 B	207ms 206ms	Image image/svg+xml	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef5d3a4cb7b5ea3a9059_Footer_grad_background_01.svg Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.e7c113e4e.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 24f95156ad08aa62d037edcb9140e7525436ae784cb8dbf827e4dd73c049a9c7 Request headers Referer https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.e7c113e4e.min.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id wZrIwSiQ3HB_4mBj4RzB_7r35bkJm7eb content-encoding br cf-cache-status HIT x-amz-request-id 7CPGNBQMGDHH9NE8 age 1277634 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 x-amz-id-2 CQ7a4W8fdCwunc2PsS0QyFmJDrLOYsYFhEDCaMzqzhOynLXtRktzSnIoxQiCjei7/64dpW+gfkk= last-modified Mon, 27 Nov 2023 19:34:54 GMT server cloudflare etag W/"06bc9b55903dee3955c218722211ea0b" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control max-age=31536000, must-revalidate cf-ray 8b171c787864cb85-LAX
GET H3	200	659d74d1fd14b8b43c2954f8_privacyoptions-gry.png cdn.prod.website-files.com/6536e5317bf92f62050c3585/	445 B 826 B	206ms 206ms	Image image/png	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/659d74d1fd14b8b43c2954f8_privacyoptions-gry.png Requested by Host: cdn.prod.website-files.com URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.e7c113e4e.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cce437faf73c67f2163692a58b9a23a154facef1d77fe1ae8ad189659b56a93a Request headers Referer https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.e7c113e4e.min.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT x-amz-version-id qGQd80XCMBzwZfe3ECBhNqfx2KNpdjGz cf-cache-status HIT x-amz-request-id 93AA4S5B3HR7PYHJ age 353522 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 445 x-amz-id-2 qsYJNyUagOJ3y4AHVCcMzp2Pa2xqCQpHXfdX3LpXgMpVoDggJJN9+ifbLN7vxzi5K+S/v9N5Byg= last-modified Tue, 09 Jan 2024 16:31:14 GMT server cloudflare etag "b6ed571ffee761eed42633f077351e2f" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes cf-ray 8b171c787867cb85-LAX
GET H2	200	otBannerSdk.js Show response cdn.cookielaw.org/scripttemplates/202407.1.0/	451 KB 110 KB	72ms 72ms	Script application/javascript	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 51c8dc48fb49d5df075bf32d6655815cce9440a80bef0458f72a5bb85fa96d4f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 OB5ZPaM1F+xqSvW4fnjknQ== age 61272 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 112090 x-ms-lease-status unlocked last-modified Wed, 24 Jul 2024 02:02:43 GMT server cloudflare etag 0x8DCAB84B4C53B13 vary Accept-Encoding content-type application/javascript access-control-allow-origin * x-ms-request-id 40aab4d2-001e-0048-0fd9-dda117000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b171c79beaf5331-LAX
GET BLOB	200 OK	61e533d1-5a04-4ad1-9795-3a9e901c0f98 https://www.menlosecurity.com/	259 KB 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://www.menlosecurity.com/61e533d1-5a04-4ad1-9795-3a9e901c0f98 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 0906185ede20c5e5b293e6dd3d16a4310944ccb6756b840741c8cbedf96891b5 Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Length 264960 Content-Type application/javascript
GET H3	200	s.gif dev.visualwebsiteoptimizer.com/	35 B 53 B	127ms 127ms	Image image/gif	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://dev.visualwebsiteoptimizer.com/s.gif?account_id=910208&u=D7E4597851CE735EE8D06AE9749ECC8A6&s=1723367622&ed=%7B%22sr%22%3A%221600x1200%22%2C%22sc%22%3A24%2C%22de%22%3A%22UTF-8%22%2C%22ul%22%3A%22en-us%22%2C%22r%22%3A%22%22%2C%22lt%22%3A1723367622744%2C%22tO%22%3A10%2C%22tz%22%3A%22Pacific%2FHonolulu%22%7D&cu=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&r=0&p=1&cq=0&vn=undefined&vns=undefined&vno=undefined&eTime=1723367622754&v=918c0c886 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gnv03c / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:42 GMT via 1.1 google x-content-type-options nosniff server gnv03c content-type image/gif access-control-allow-origin * cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 10 Jan 2005 00:00:01 GMT
GET H2	200	forms2.css info.menlosecurity.com/js/forms2/css/	13 KB 3 KB	87ms 86ms	Stylesheet text/css	104.17.71.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://info.menlosecurity.com/js/forms2/css/forms2.css Requested by Host: info.menlosecurity.com URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Fri, 19 Jul 2024 20:11:11 GMT server cloudflare age 2081 etag "bc07c7-3437-61d9f4beb95c0" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 8b171c7a8f06faf4-SJC content-length 2623 expires Sun, 11 Aug 2024 13:13:42 GMT
GET H2	200	forms2-theme-plain.css info.menlosecurity.com/js/forms2/css/	828 B 331 B	88ms 88ms	Stylesheet text/css	104.17.71.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://info.menlosecurity.com/js/forms2/css/forms2-theme-plain.css Requested by Host: info.menlosecurity.com URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Fri, 19 Jul 2024 20:11:11 GMT server cloudflare age 2081 etag "bc07ca-33c-61d9f4beb95c0" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 8b171c7a8f08faf4-SJC content-length 246 expires Sun, 11 Aug 2024 13:13:42 GMT
GET H2	200	css fonts.googleapis.com/	2 KB 964 B	379ms 132ms	Stylesheet text/css	2607:f8b0:400d:c07::5f GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Raleway Requested by Host: info.menlosecurity.com URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:400d:c07::5f Morganton, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash cdbcbb6ab7680b6f7ee6f09ff2a54b0e8e3eb6e758efb1c0a7fe5e71fb0da118 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Sun, 11 Aug 2024 09:13:43 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sun, 11 Aug 2024 08:04:29 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sun, 11 Aug 2024 09:13:43 GMT
GET H2	200	en.json Show response cdn.cookielaw.org/consent/1a750de4-f18f-43d4-8b13-4ead3aa824f4/018f8327-db57-7e9c-8d4f-7930ec1b3d9d/	87 KB 18 KB	84ms 84ms	Fetch application/x-javascript	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/consent/1a750de4-f18f-43d4-8b13-4ead3aa824f4/018f8327-db57-7e9c-8d4f-7930ec1b3d9d/en.json Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 455baed649349d2d901dd1b3def63a589e1fa4de205a69dbaa0e7f1c2620edbf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT strict-transport-security max-age=31536000; includeSubDomains; preload age 35814 content-md5 b+8zfRXbSd4vYy2iwC/png== content-length 18521 x-ms-lease-status unlocked last-modified Mon, 22 Jul 2024 21:21:50 GMT server cloudflare etag 0x8DCAA944D1791DF vary Accept-Encoding content-type application/x-javascript access-control-allow-origin * x-ms-request-id b7831c69-c01e-00b0-087d-dc6a0a000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b171c7aa80014e0-LAX expires Mon, 12 Aug 2024 09:13:42 GMT
GET H3	200	track-1ea7cbb10efd94fd1ef034fb4f3678ba.js Show response dev.visualwebsiteoptimizer.com/7.0/	16 KB 4 KB	63ms 63ms	Script text/javascript	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://dev.visualwebsiteoptimizer.com/7.0/track-1ea7cbb10efd94fd1ef034fb4f3678ba.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gla2 / Resource Hash 93b1d37c33aa63cb0ac94a63bdb17f37c756702f2d9058dcc30f9dc6e60fd042 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding br via 1.1 google last-modified Fri, 09 Aug 2024 09:13:00 GMT server gla2 etag "66b5dd9c-11ab" vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4523
GET H3	200	settings.js Show response dev.visualwebsiteoptimizer.com/	8 KB 3 KB	67ms 67ms	Script application/javascript	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://dev.visualwebsiteoptimizer.com/settings.js?a=910208&settings_type=1&vn=&eventArch=1&uuid=&tS=1&ec=1309732|1309735&exc=6|8|11|13 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gla2 / Resource Hash 2907ee56fc86d2565b3a49b98f8b3868faa189d9427c1f5ddf3c503fbd4ddcbf Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip via 1.1 google server gla2 etag W/"1723194789_EA" content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=0, no-cache, must-revalidate alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST H3	200	t dev.visualwebsiteoptimizer.com/events/	0 36 B	135ms 134ms	Ping application/javascript	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://dev.visualwebsiteoptimizer.com/events/t?en=vwo_variationShown&a=910208&v=918c0c886&_cu=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exp Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gnv03c / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip via 1.1 google server gnv03c access-control-allow-methods GET, POST content-type application/javascript; charset=UTF-8 access-control-allow-origin * access-control-allow-headers X-Device-User-Agent, Vwo-X-Forwarded-For alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST H3	200	l.gif dev.visualwebsiteoptimizer.com/	35 B 53 B	126ms 126ms	Ping image/gif	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://dev.visualwebsiteoptimizer.com/l.gif?experiment_id=6&account_id=910208&cu=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&combination=1&s=1&sId=1723367622&u=D7E4597851CE735EE8D06AE9749ECC8A6&ed=%7B%22sr%22%3A%221600x1200%22%2C%22sc%22%3A24%2C%22de%22%3A%22UTF-8%22%2C%22ul%22%3A%22en-us%22%2C%22r%22%3A%22%22%2C%22lt%22%3A1723367622865%2C%22tO%22%3A10%2C%22tz%22%3A%22Pacific%2FHonolulu%22%7D&vn=undefined&vns=undefined&vno=undefined&eTime=1723367622874&v=918c0c886 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gnv03c / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:42 GMT via 1.1 google x-content-type-options nosniff server gnv03c content-type image/gif access-control-allow-origin * cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 10 Jan 2005 00:00:01 GMT
GET H2	200	otFlat.json Show response cdn.cookielaw.org/scripttemplates/202407.1.0/assets/	13 KB 3 KB	74ms 74ms	Fetch application/json	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/202407.1.0/assets/otFlat.json Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 Jby9k1ulZUoqHRoLPkzJJA== age 35814 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 3003 x-ms-lease-status unlocked last-modified Wed, 24 Jul 2024 02:02:37 GMT server cloudflare etag 0x8DCAB84B133BB3A vary Accept-Encoding content-type application/json access-control-allow-origin * x-ms-request-id 55be0606-301e-0040-1c11-deba64000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b171c7b488414e0-LAX
GET H2	200	otPcCenter.json Show response cdn.cookielaw.org/scripttemplates/202407.1.0/assets/v2/	62 KB 13 KB	73ms 73ms	Fetch application/json	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/202407.1.0/assets/v2/otPcCenter.json Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 5c9cLQBQ5NMMvDEvN8aWeQ== age 35814 strict-transport-security max-age=31536000; includeSubDomains; preload content-length 12723 x-ms-lease-status unlocked last-modified Wed, 24 Jul 2024 02:02:39 GMT server cloudflare etag 0x8DCAB84B285737D vary Accept-Encoding content-type application/json access-control-allow-origin * x-ms-request-id 2d6b0f71-f01e-0019-5011-debfe2000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b171c7b488614e0-LAX
GET H2	200	otCommonStyles.css Show response cdn.cookielaw.org/scripttemplates/202407.1.0/assets/	24 KB 4 KB	72ms 72ms	Fetch text/css	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/202407.1.0/assets/otCommonStyles.css Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sun, 11 Aug 2024 09:13:42 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding gzip content-md5 HyPJ72TNHxdfOI82cqKVqA== age 35814 x-ms-lease-status unlocked last-modified Wed, 24 Jul 2024 02:02:48 GMT server cloudflare vary Accept-Encoding content-type text/css access-control-allow-origin * x-ms-request-id 288bb514-d01e-000e-2210-de7f81000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 cf-ray 8b171c7b488814e0-LAX
GET H2	200	XDFrame Show response info.menlosecurity.com/index.php/form/ Frame 2309	2 KB 889 B	102ms 100ms	Document text/html	104.17.71.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://info.menlosecurity.com/index.php/form/XDFrame Requested by Host: info.menlosecurity.com URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b43508242f21a59b37bba45231dd25c6c861e079ef05607273c620337e217b9b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers cache-control max-age=3600 cf-cache-status DYNAMIC cf-ray 8b171c7bbfc8faf4-SJC content-encoding gzip content-type text/html; charset=utf-8 date Sun, 11 Aug 2024 09:13:43 GMT server cloudflare vary Accept-Encoding x-content-type-options nosniff
GET H3	200	s.gif dev.visualwebsiteoptimizer.com/	35 B 53 B	147ms 146ms	Image image/gif	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://dev.visualwebsiteoptimizer.com/s.gif?account_id=910208&u=D7E4597851CE735EE8D06AE9749ECC8A6&s=1723367622&p=1&update=1&cq=1&vn=undefined&vns=undefined&vno=undefined&eTime=1723367622969&v=918c0c886&_cu=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exp&random=0.008753308645221614 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gnv03c / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:43 GMT via 1.1 google x-content-type-options nosniff server gnv03c content-type image/gif access-control-allow-origin * cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 10 Jan 2005 00:00:01 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	345 KB 110 KB	294ms 292ms	Script application/javascript	2607:f8b0:400d:c09::61 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash ed6e1aa33da09ec91173cb7b8297c2a3acb85565f588b1fde22d06e6fa1dbe1e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 112310 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Sun, 11 Aug 2024 09:13:43 GMT
GET H2	200	9d098b8d-9cde-40ee-beab-3b850059beba.js Show response j.6sc.co/j/	4 KB 2 KB	510ms 172ms	Script application/javascript	23.73.207.13 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/j/9d098b8d-9cde-40ee-beab-3b850059beba.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.73.207.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-73-207-13.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash 2a4274b3cc3e0f1c657d92cd91051243635cf08951925f7dabcf24ce7005b0d0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-amz-version-id 2xVIr_VLK.K69VKXDZbBKfWOdjNXST5u content-encoding gzip date Sun, 11 Aug 2024 09:13:43 GMT x-amz-cf-pop IAD79-C3 x-amz-server-side-encryption AES256 x-amz-meta-content-type application/json content-length 1456 last-modified Thu, 04 Jan 2024 00:00:45 GMT server AmazonS3 etag "a78e9f870ad4c64f810b2020cca5d9ee" vary Accept-Encoding content-type application/javascript cache-control private, max-age=1800 accept-ranges bytes x-amz-cf-id pWjIgan2dbD7aLcFAR8Zq8RWBQUD2IVU0cdBr-RqDoFCtrijiBbOSw== expires Sun, 11 Aug 2024 09:43:43 GMT
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	426ms 119ms	Script application/javascript	146.75.28.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT content-encoding gzip last-modified Thu, 04 Apr 2024 00:26:35 GMT x-amz-server-side-encryption AES256 etag "bbbcf811d8437a575d796a4c1e5d4fad+gzip" vary Accept-Encoding,Host x-cache HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15412 x-served-by cache-iad-kiad7000100-IAD
GET H2	200	hotjar-1854968.js Show response static.hotjar.com/c/	11 KB 5 KB	459ms 145ms	Script application/javascript	18.239.183.93 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.hotjar.com/c/hotjar-1854968.js?sv=7 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.239.183.93 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-239-183-93.bos50.r.cloudfront.net Software / Resource Hash 9a4cbe0f91ede8c1937cbe9d3f52dfd0e97ca30ce7da3cbdb6f48afe3c245c6a Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:10 GMT content-encoding br x-content-type-options nosniff strict-transport-security max-age=2592000; includeSubDomains via 1.1 1400daf58929007edfec4f92e9b3dde8.cloudfront.net (CloudFront) x-amz-cf-pop BOS50-P4 age 33 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin etag W/937d319c39b9019fc88588964b0efa2f vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control max-age=60 x-cache-hit 1 x-amz-cf-id OsgtbWrJYEvSX71A0UQAZtqcmf69Z2p3sOfsqvbOP-qOEJNpcwYOyQ==
GET H2	200	destination Show response www.googletagmanager.com/gtag/	267 KB 92 KB	192ms 191ms	Script application/javascript	2607:f8b0:400d:c09::61 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=AW-684820168&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e7714151700efbf097dd27a3a68c1799a5a65e9a582047c2f067c0c093720c79 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 94154 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Sun, 11 Aug 2024 09:13:43 GMT
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	40 KB 14 KB	474ms 140ms	Script application/javascript	2600:1408:c400:5::17c7:3719 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:5::17c7:3719 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 24 Jul 2024 05:33:09 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=15598 accept-ranges bytes content-length 14597
GET H2	200	destination Show response www.googletagmanager.com/gtag/	228 KB 82 KB	130ms 130ms	Script application/javascript	2607:f8b0:400d:c09::61 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/destination?id=AW-10976805707&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:400d:c09::61 Morganton, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 004dad0658d8a1c334a130713784a42f2795d278fe36a77856deb3fb2e975e2e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 84087 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Sun, 11 Aug 2024 09:13:43 GMT
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	225 KB 60 KB	406ms 121ms	Script application/x-javascript	2a03:2880:f003:c0e:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Sun, 11 Aug 2024 09:13:43 GMT document-policy force-load-at-top x-fb-server-load 30 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 58865 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality GOOD; q=0.7, rtt=118, rtx=0, c=12, mss=1297, tbw=2772, tp=-1, tpl=-1, uplat=1, ullat=-1 pragma public x-fb-debug BU0ySbOl0HIUYC5kdG+YxNh3ElievPINT0VSVb7/+hSJ2KUJP6fm9IZs12WYoUYP7Apq68l85BN0wtz98H6fWw== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/	1 KB 1 KB	415ms 124ms	Script application/x-javascript	23.13.172.203 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/munchkin.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.13.172.203 Ashburn, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-13-172-203.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Sun, 11 Aug 2024 09:13:43 GMT Content-Encoding gzip Last-Modified Fri, 17 Mar 2023 01:24:48 GMT Server AkamaiNetStorage ETag "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Connection keep-alive Accept-Ranges bytes Content-Length 729
GET H2	200	widget.js Show response app.hushly.com/runtime/	1 KB 2 KB	390ms 103ms	Script text/javascript	34.208.92.192 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.hushly.com/runtime/widget.js?aid=83162 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.208.92.192 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-208-92-192.us-west-2.compute.amazonaws.com Software / Resource Hash 8a85f44f68fa946318aff49a37ea5927285ec746ea2db60f33018cfcb5e316a3 Security Headers Name Value Content-Security-Policy Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:43 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff referrer-policy no-referrer-when-downgrade content-security-policy content-type text/javascript;charset=utf-8 cache-control no-cache, no-store, must-revalidate expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	200	trrsm2wf4gwm.js Show response js.driftt.com/include/1723367700000/	221 KB 62 KB	565ms 199ms	Script application/javascript	18.161.34.106 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/include/1723367700000/trrsm2wf4gwm.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.161.34.106 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-161-34-106.bos50.r.cloudfront.net Software istio-envoy / Resource Hash 889da033525190aa887d2361d6cb460c50e9b128e017c33f4499063aeaa73632 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-amz-version-id y3tne.Y80za7KusdtSa.ECjRnvsUlRYa strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip date Sun, 11 Aug 2024 09:13:43 GMT via 1.1 184a95922b126979aa787a0b813895fe.cloudfront.net (CloudFront) x-amz-cf-pop BOS50-P2 x-amz-server-side-encryption AES256 x-cache RefreshHit from cloudfront x-envoy-upstream-service-time 37 last-modified Wed, 24 Jul 2024 21:19:18 GMT server istio-envoy etag W/"a69573aefab19654390c860151e62853" vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control no-cache access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id T4oyE7fEe-mxAX5peZUVH9JOlSTUusumI9qeMBFp8JM-44oCXIWMhw==
GET H2	200	fullcircle.js Show response d2i34c80a0ftze.cloudfront.net/	32 KB 11 KB	461ms 141ms	Script application/json	2600:9000:27aa:e800:9:14eb:6280:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:27aa:e800:9:14eb:6280:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 5f8ece9fc3c316bd78480ef2f48dc82b47f84a1a2a39ddd4a0fec27a720cae41 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sat, 10 Aug 2024 10:48:03 GMT strict-transport-security max-age=31536000; includeSubDomains via 1.1 747643510d5744fd5b06cb1647567818.cloudfront.net (CloudFront), 1.1 0e031f4a451675f03e731fae7fd2d1aa.cloudfront.net (CloudFront) content-encoding gzip x-amz-cf-pop IAD55-P5, PHL51-P2 age 80740 x-amzn-trace-id Root=1-66b74563-507bb4c1367f880f62c70ddf;Parent=7cf17991395638b9;Sampled=0;lineage=be50798f:0 x-amzn-requestid 271e5bf0-a35d-4174-ac3c-acf6bd0117be vary Accept-Encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * x-amz-apigw-id cSfHoE3wPHcEPvA= x-amz-cf-id 9ZzLVukfuDzsPQSOHHqYAuGwYeNsg9VUWMKdbmf5mZrlSFeUQ1dNaQ==
GET H2	200	tracking.js Show response trk.techtarget.com/	3 KB 2 KB	309ms 97ms	Script text/javascript	2606:4700:4400::6812:24c4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trk.techtarget.com/tracking.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::6812:24c4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains; preload Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT via 1.1 google content-encoding br cf-cache-status HIT cf-bgj minify last-modified Tue, 13 Dec 2022 15:01:39 GMT strict-transport-security max-age=0; includeSubDomains; preload age 24902 server cloudflare vary Accept-Encoding content-type text/javascript cache-control public, max-age=1200 cf-ray 8b171c7ddc892ec3-LAX expires Sun, 11 Aug 2024 09:33:43 GMT
GET H2	200	main.js Show response cdn.servicebell.com/	476 KB 146 KB	368ms 86ms	Script text/javascript	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.servicebell.com/main.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 51137998c2486b4abfde3f381b5de2673911f6fa242e6d9920d1396393fd3ef7 Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT strict-transport-security max-age=0; includeSubDomains content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id GFTSRTY8JR5FQF89 age 6846 cf-polished origSize=487031 x-amz-id-2 WtB91UuuLbl9sHtl0qT+kNBC1b7Uc3iERZMJw5NflEZxkyqdgMC0tI+XMhQH4FqoTGq71y5+qzg= cf-bgj minify last-modified Wed, 07 Aug 2024 23:07:31 GMT server cloudflare etag W/"fc111fda6f0a09159091a402739b9d93" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HrprZUGlTmTtoDwKX%2B6kE%2BZFGoY%2BG%2BkxtueeLc8b9hly2c6rQjkpZl0jhqzKrbd41HWWaaGd22YIkOi2HRk31Xd0kcmEhFPvAW3hSClopcpyUVUNoWa0Os2OXEA1EAS2GYkCPf4YJPXHeOsM4NF0MY8%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=1800 cf-ray 8b171c803c8e2ad5-LAX
GET H2	200	79031691.js Show response extend.vimeocdn.com/ga/	17 KB 6 KB	434ms 114ms	Script text/javascript	146.75.78.109 FASTLY
General Check archive.org Show headers Download Go to Full URL https://extend.vimeocdn.com/ga/79031691.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 146.75.78.109 Chicago, United States, ASN54113 (FASTLY, US), Reverse DNS Software Apache / Resource Hash 6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers expires Sat, 29 Jul 2034 11:05:29 GMT date Sun, 11 Aug 2024 09:13:43 GMT content-encoding gzip via 1.1 varnish age 943694 x-cache HIT content-length 5579 x-served-by cache-chi-kigq8000057-CHI last-modified Wed, 31 Jul 2024 08:50:29 GMT server Apache x-timer S1723367624.789043,VS0,VE0 etag "421e-61e872fa49f40-gzip" vary Accept-Encoding content-type text/javascript; charset=utf-8 x-vimeo-dc ge x-bapp-server assets-589c845d7f-vfrf2 cache-control max-age=86400 accept-ranges bytes timing-allow-origin * x-cache-hits 95234
GET H2	200	ot_guard_logo.svg Show response cdn.cookielaw.org/logos/static/	497 B 512 B	71ms 71ms	Fetch image/svg+xml	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sun, 11 Aug 2024 09:13:43 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding gzip content-md5 tXyZydHjxQshFMbbBT1/8A== age 35814 x-ms-lease-status unlocked last-modified Thu, 08 Aug 2024 20:27:01 GMT server cloudflare vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 9be14d9a-101e-00b2-4135-ea68f0000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 cf-ray 8b171c7c69ca14e0-LAX
GET H2	200	Menlo_New_Logo_160x72.png cdn.cookielaw.org/logos/2f43eebf-9aac-4632-87e4-6268b1418b72/ce67c8cb-02a5-44f4-95ab-23be1999afaa/bc5a7fa0-e0fc-42c9-a06a-7f44950f9f42/	8 KB 8 KB	75ms 74ms	Image image/png	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.cookielaw.org/logos/2f43eebf-9aac-4632-87e4-6268b1418b72/ce67c8cb-02a5-44f4-95ab-23be1999afaa/bc5a7fa0-e0fc-42c9-a06a-7f44950f9f42/Menlo_New_Logo_160x72.png Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 968c23bd561be413529e07f4120fe8185bc3ee1c1f05b5139dc9e928cdb00a0e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sun, 11 Aug 2024 09:13:43 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-md5 yWIikxyLY3qGGPROGgs5vA== age 46179 content-length 7710 x-ms-lease-status unlocked last-modified Fri, 11 Aug 2023 14:24:48 GMT server cloudflare etag 0x8DB9A76B7AFEBD7 vary Accept-Encoding content-type image/png access-control-allow-origin * x-ms-request-id 2ccea072-701e-0035-4d50-795597000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 8b171c7c786a5331-LAX
GET H2	200	powered_by_logo.svg cdn.cookielaw.org/logos/static/	5 KB 2 KB	81ms 81ms	Image image/svg+xml	2606:4700::6812:562a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.cookielaw.org/logos/static/powered_by_logo.svg Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Sun, 11 Aug 2024 09:13:43 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding gzip content-md5 Y+c301RBZNK39PvKQWrIBw== age 24949 x-ms-lease-status unlocked last-modified Thu, 08 Aug 2024 20:27:02 GMT server cloudflare vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id 21a99458-c01e-0033-4d8f-eacaa7000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control max-age=86400 x-ms-version 2009-09-19 cf-ray 8b171c7c786c5331-LAX
GET H2	200	forms2.min.js Show response info.menlosecurity.com/js/forms2/js/ Frame 2309	199 KB 0	0ms 0ms	Script application/x-javascript	104.17.71.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://info.menlosecurity.com/js/forms2/js/forms2.min.js Requested by Host: info.menlosecurity.com URL: https://info.menlosecurity.com/index.php/form/XDFrame Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://info.menlosecurity.com/index.php/form/XDFrame User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT last-modified Fri, 19 Jul 2024 20:11:11 GMT server cloudflare age 2083 etag "bc080e-31b30-61d9f4beb95c0" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=14400 cf-ray 8b171c771cadfaf4-SJC expires Sun, 11 Aug 2024 13:13:42 GMT
GET H3	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/10976805707/	3 KB 1 KB	383ms 139ms	Script text/javascript	142.251.163.154 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10976805707/?random=1723367623271&cv=11&fst=1723367623271&bg=ffffff&guid=ON&async=1&gtm=45be4880v899189876z8830118234za201zb830118234&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&npa=0&pscdl=noapi&auid=1649402048.1723367623&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/destination?id=AW-10976805707&l=dataLayer&cx=c Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US), Reverse DNS wv-in-f154.1e100.net Software cafe / Resource Hash 73647db847b08dce70c18556928c9ec39e54258d0c0e9e3796fab99d2cc06ca8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:43 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1447 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	s.gif dev.visualwebsiteoptimizer.com/	35 B 53 B	176ms 176ms	Image image/gif	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://dev.visualwebsiteoptimizer.com/s.gif?account_id=910208&u=D7E4597851CE735EE8D06AE9749ECC8A6&s=1723367622&p=1&tags={%22si%22:{%2211%22:%221%22}}&eg=1&update=1&cq=1&vn=undefined&vns=undefined&vno=undefined&eTime=1723367623290&v=918c0c886&_cu=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exp Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gnv03c / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:43 GMT via 1.1 google x-content-type-options nosniff server gnv03c content-type image/gif access-control-allow-origin * cache-control private, no-cache, no-cache=Set-Cookie, proxy-revalidate alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 10 Jan 2005 00:00:01 GMT
GET H3	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/684820168/	43 B 61 B	362ms 136ms	Script text/javascript	142.251.163.154 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/684820168/?random=1723367623333&cv=11&fst=1723367623333&bg=ffffff&guid=ON&async=1&gtm=45be4880v9172607130z8830118234za201zb830118234&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&rdp=1&npa=0&pscdl=noapi&auid=1649402048.1723367623&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/destination?id=AW-684820168&l=dataLayer&cx=c Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.163.154 Farmingdale, United States, ASN15169 (GOOGLE, US), Reverse DNS wv-in-f154.1e100.net Software cafe / Resource Hash 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:43 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 37 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect analytics.google.com/g/	0 0	374ms 122ms	Fetch text/plain	2607:f8b0:400d:c02::71 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://analytics.google.com/g/collect?v=2&tid=G-C2G0PCSJKE&gtm=45je4880v868642232z8830118234za200zb830118234&_p=1723367622200&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=566258091.1723367623&ecid=366654389&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&ec_mode=a&_eu=EA&_s=1&sid=1723367623&sct=1&seg=0&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&dt=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2384 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:400d:c02::71 Morganton, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:43 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.menlosecurity.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 258 B	387ms 131ms	Ping text/plain	2607:f8b0:4004:c21::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-C2G0PCSJKE&cid=566258091.1723367623&gtm=45je4880v868642232z8830118234za200zb830118234&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=0 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c21::9b Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:44 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.menlosecurity.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	gif.gif Show response ibc-flow.techtarget.com/a/	43 B 446 B	149ms 147ms	XHR image/gif	34.111.208.231 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16648054&r=1723367623461&ref=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&version=2.4 Requested by Host: trk.techtarget.com URL: https://trk.techtarget.com/tracking.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 231.208.111.34.bc.googleusercontent.com Software nginx/1.20.2 / Resource Hash 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 Request headers ibc_rate_tier 16648054 Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT via 1.1 google x-guploader-uploadid AHxI1nPmn9h49HSavtfDkMr52HdGyuApf1ngnfPaV3oDZa5NDLu4H-ndO3SHpXdxem6pmZ8Fmux6qCQqrw x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 43 last-modified Thu, 08 Dec 2022 21:19:29 GMT server nginx/1.20.2 etag "fc94fb0c3ed8a8f909dbc7630a0987ff" vary Origin x-goog-generation 1670534369365034 content-type image/gif access-control-allow-origin * x-goog-hash crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w== cache-control public, max-age=3600 access-control-allow-methods GET, POST, OPTIONS x-goog-stored-content-length 43 accept-ranges bytes access-control-allow-headers ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range expires Sun, 11 Aug 2024 10:13:43 GMT
OPTIONS H2	200	gif.gif ibc-flow.techtarget.com/a/ Frame	0 0	371ms 143ms	Preflight text/html	34.111.208.231 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16648054&r=1723367623461&ref=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&version=2.4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 231.208.111.34.bc.googleusercontent.com Software nginx/1.20.2 / Resource Hash Request headers Accept */* Access-Control-Request-Headers ibc_rate_tier Access-Control-Request-Method GET Origin https://www.menlosecurity.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers access-control-allow-headers ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=0 content-length 0 content-type text/html; charset=UTF-8 date Sun, 11 Aug 2024 09:13:43 GMT expires Sun, 11 Aug 2024 09:13:43 GMT server nginx/1.20.2 vary Origin via 1.1 google x-guploader-uploadid AHxI1nPQyEpu-t0uP4IJIgRRoSaYCoq5stsC0z8JHKhyOd4FvyQYP0qZBFFkwWzxsurAYqEdLqFueEOi1Q
GET H2	200	widget-64f6c5c0c52e9a6c91abc2f5bd210ff6.js Show response app.hushly.com/assets/	426 KB 127 KB	176ms 176ms	Script text/javascript	34.208.92.192 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.hushly.com/assets/widget-64f6c5c0c52e9a6c91abc2f5bd210ff6.js Requested by Host: app.hushly.com URL: https://app.hushly.com/runtime/widget.js?aid=83162 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.208.92.192 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-208-92-192.us-west-2.compute.amazonaws.com Software / Resource Hash d209a1c0d5520a15aff672f1d2a1245b866c0a0ea1c3b3d614154739e601fa0b Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT content-encoding gzip last-modified Fri, 26 Jul 2024 09:01:08 GMT etag "widget-64f6c5c0c52e9a6c91abc2f5bd210ff6.js" vary Accept-Encoding content-type text/javascript;charset=UTF-8 cache-control public, max-age=31536000 content-length 128993
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/163/	11 KB 5 KB	155ms 155ms	Script application/x-javascript	23.13.172.203 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/163/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/munchkin.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.13.172.203 Ashburn, United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-13-172-203.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Sun, 11 Aug 2024 09:13:43 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 02:26:40 GMT Server AkamaiNetStorage ETag "ea7826f34518d7c2295738f39c7640fa:1672972000.238769" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Length 4741 Expires Tue, 19 Nov 2024 09:13:43 GMT
GET H2	200	adsct t.co/i/	43 B 375 B	369ms 163ms	Image image/gif	72.21.81.130 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?bci=3&eci=2&event_id=a31f626e-45f7-49df-8380-cfb439d90062&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=547e98be-0830-4030-8166-263e6ebc9d4c&tw_document_href=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nx5nr&type=javascript&version=2.3.30 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.21.81.130 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software tsa_p / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-response-time 6 date Sun, 11 Aug 2024 09:13:42 GMT strict-transport-security max-age=0 server tsa_p content-type image/gif;charset=utf-8 x-transaction-id b9d7d92e5edf9dbe cache-control no-cache, no-store, max-age=0 perf 7402827104 x-connection-hash ea667da1f8f755047a3d99d1c3ef146bbc94a6a62ad4276144a059761bd000e5 content-length 43
GET H2	200	adsct analytics.twitter.com/i/	43 B 392 B	285ms 91ms	Image image/gif	104.244.42.195 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=a31f626e-45f7-49df-8380-cfb439d90062&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=547e98be-0830-4030-8166-263e6ebc9d4c&tw_document_href=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nx5nr&type=javascript&version=2.3.30 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.195 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_p / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-response-time 5 date Sun, 11 Aug 2024 09:13:43 GMT strict-transport-security max-age=631138519 server tsa_p content-type image/gif;charset=utf-8 x-transaction-id d18db8be4c444f24 cache-control no-cache, no-store, max-age=0 perf 7402827104 x-connection-hash 15cf336de713d35bd329065f18255da04cb522ba99d9a7ef2cf039e2ab91ecd8 content-length 43
GET H2	200	modules.8da33a8f469c3b5ffcec.js Show response script.hotjar.com/	223 KB 56 KB	447ms 153ms	Script application/javascript	18.239.183.35 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/modules.8da33a8f469c3b5ffcec.js Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-1854968.js?sv=7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.239.183.35 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-239-183-35.bos50.r.cloudfront.net Software / Resource Hash 76f448ec45359e863fb3a6432a2a3cf22c0cc0a52aead6318b57ab38db6f1d14 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 30 Jul 2024 14:23:06 GMT content-encoding br x-content-type-options nosniff strict-transport-security max-age=2592000; includeSubDomains via 1.1 6bfb0f21933c5e0b22a785cd4b3a1c08.cloudfront.net (CloudFront) x-amz-cf-pop BOS50-P4 age 1018237 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 56385 last-modified Tue, 30 Jul 2024 14:22:40 GMT etag "0728625a147ca79276a1790b9cf3175d" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes x-robots-tag none x-amz-cf-id Ay9eZdbQ--rEynGrkpyvbAAnRXcZrJjPaxMK9IalZHX5uRL_C3-Udw==
GET H2	200	attribution_trigger Show response px.ads.linkedin.com/	2 B 762 B	295ms 110ms	XHR application/json	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/attribution_trigger?pid=474058&time=1723367623503&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers Accept * Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:42 GMT content-encoding gzip x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 7FAD918D0E864C61B4F89D483A88F247 Ref B: LAX311000114047 Ref C: 2024-08-11T09:13:43Z access-control-allow-methods GET, OPTIONS x-li-fabric prod-ltx1 access-control-allow-origin * x-cache CONFIG_NOCACHE content-type application/json x-li-proto http/2 x-restli-protocol-version 1.0.0 access-control-allow-headers * x-li-uuid AAYfZMsHwo0/EGwc36TEqQ== x-fs-uuid 00061f64cb07c28d3f106c1cdfa4c4a9
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1723367623503&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1723367623503&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&c... https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D474058%26time%3D1723367623503%26url%3Dhttps%253A%252F%252Fwww.menlosecurity.com%2... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1723367623503&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&c... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1723367623503&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&...	0 488 B	312ms 120ms	Image application/javascript	2620:1ec:50::12 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1723367623503&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true&liSync=true&e_ipv6=AQJRYhSqnMq_WAAAAZFAtw5Y-vWqyJjKoo4lMfsY7JySdT7dXGgDfNuOEdY2kfMmvebaIw Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Server 2620:1ec:50::12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: E219E3D7F236493887483FF05D1D8514 Ref B: LAX311000112021 Ref C: 2024-08-11T09:13:44Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-ltx1 x-li-proto http/2 content-length 0 x-li-uuid AAYfZMsUdaQo8f4iklvhEw== Redirect headers date Sun, 11 Aug 2024 09:13:43 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: A85545AFB670445A981BE43BE4EDA8B7 Ref B: LAX311000115019 Ref C: 2024-08-11T09:13:44Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-ltx1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1723367623503&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true&liSync=true&e_ipv6=AQJRYhSqnMq_WAAAAZFAtw5Y-vWqyJjKoo4lMfsY7JySdT7dXGgDfNuOEdY2kfMmvebaIw x-li-proto http/2 content-length 0 x-li-uuid AAYfZMsP72MlBku+wuwOQw==
GET H2	200	6si.min.js Show response j.6sc.co/	68 KB 19 KB	139ms 139ms	Script application/javascript	23.73.207.13 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: j.6sc.co URL: https://j.6sc.co/j/9d098b8d-9cde-40ee-beab-3b850059beba.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.73.207.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-73-207-13.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash e08bbd8d11326289feff5496edc2ee3d0d7e905fe69ad7612a63dcd6bc6e8313 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 06 Aug 2024 18:33:23 GMT server nginx/1.14.0 (Ubuntu) etag "66b26c73-10ff6" vary Accept-Encoding content-type application/javascript cache-control private, proxy-revalidate, max-age=10800 accept-ranges bytes content-length 18711 expires Sun, 11 Aug 2024 12:13:43 GMT
POST H2	200	create Show response st.fullcircleinsights.com/v1/visitors/	1 KB 2 KB	376ms 374ms	XHR application/json	18.161.21.109 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://st.fullcircleinsights.com/v1/visitors/create Requested by Host: d2i34c80a0ftze.cloudfront.net URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.161.21.109 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-161-21-109.bos50.r.cloudfront.net Software / Resource Hash 5daea109a976c2d24e7ab660c148ca0be89ad574b2e31dba571cd2e1483b6b75 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers origin-fci https://www.menlosecurity.com Referer https://www.menlosecurity.com/ js-version 1.0.59 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 x-api-key uSI2bzqNHv34zA8znmW0LgfsY9TBayMx9gZJf430 Content-Type text/plain;charset=UTF-8 Response headers date Sun, 11 Aug 2024 09:13:44 GMT strict-transport-security max-age=31536000; includeSubDomains via 1.1 27d6451eef68b8beda74f9749214fe2c.cloudfront.net (CloudFront) x-amz-cf-pop BOS50-P1 x-amzn-trace-id Root=1-66b880c8-1beaa4d2782d7a483174bb85;Parent=3a1e6a2c94bc277c;Sampled=0;lineage=7c392b7c:0 x-amzn-requestid 69f3027d-56f6-463d-9cbc-304e866837af vary Origin x-cache Miss from cloudfront content-type application/json access-control-allow-origin https://www.menlosecurity.com x-amz-apigw-id cVkPZHaHPHcEdzQ= content-length 1390 x-amz-cf-id 1RyQlG7wTaGQJf6T1QlODUYJ8mmoOUXlbphzarJZr31pFtwk7qDwRA==
OPTIONS H2	200	create st.fullcircleinsights.com/v1/visitors/ Frame	0 0	879ms 327ms	Preflight application/json	18.161.21.109 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://st.fullcircleinsights.com/v1/visitors/create Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.161.21.109 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-161-21-109.bos50.r.cloudfront.net Software / Resource Hash Request headers Accept */* Access-Control-Request-Headers js-version,origin-fci,x-api-key Access-Control-Request-Method POST Origin https://www.menlosecurity.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers access-control-allow-headers Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version access-control-allow-methods OPTIONS,POST access-control-allow-origin https://www.menlosecurity.com content-length 1 content-type application/json date Sun, 11 Aug 2024 09:13:44 GMT via 1.1 27d6451eef68b8beda74f9749214fe2c.cloudfront.net (CloudFront) x-amz-apigw-id cVkPWHSxvHcENvQ= x-amz-cf-id 58jl9qxWK1bdQjuGKkbMNTkOfANu7jix7MVtU_MNLYmpv7QxELDh3A== x-amz-cf-pop BOS50-P1 x-amzn-requestid ee74477e-c5f6-46db-a5d7-5d608d8019e6 x-cache Miss from cloudfront
POST H/1.1	200 OK	visitWebPage 281-owv-899.mktoresp.com/webevents/	2 B 318 B	435ms 76ms	Ping text/plain	192.28.147.68 OMNITURE
General Check archive.org Show headers Download Go to Full URL https://281-owv-899.mktoresp.com/webevents/visitWebPage?_mchNc=1723367623637&_mchCn=&_mchId=281-OWV-899&_mchTk=_mch-menlosecurity.com-1723367623636-97482&_mchHo=www.menlosecurity.com&_mchPo=&_mchRu=%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/163/munchkin.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.28.147.68 , United States, ASN15224 (OMNITURE, US), Reverse DNS Software nginx/1.20.1 / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Date Sun, 11 Aug 2024 09:13:44 GMT Content-Encoding gzip Server nginx/1.20.1 Transfer-Encoding chunked Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin * Connection keep-alive X-Request-Id 5789989e-6511-4d0b-9d34-23fbae68826d
GET H2	200	getuidj Show response secure.adnxs.com/	11 B 707 B	412ms 125ms	XHR application/json	68.67.160.114 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://secure.adnxs.com/getuidj Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 68.67.160.114 Colonia, United States, ASN29990 (ASN-APPNEX, US), Reverse DNS 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net Software nginx/1.23.4 / Resource Hash 31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:44 GMT an-x-request-uuid e3068e00-b571-4035-a2bf-f9f7482b2b3a server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type application/json; charset=utf-8 access-control-allow-origin https://www.menlosecurity.com cache-control no-store, no-cache, private access-control-allow-credentials true x-proxy-origin 162.245.206.248; 162.245.206.248; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com content-length 11 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	/ Show response c.6sc.co/	7 B 197 B	184ms 142ms	XHR text/html	23.73.207.13 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.73.207.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-73-207-13.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://www.menlosecurity.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	18 B 313 B	530ms 139ms	XHR text/html	2600:1408:c400:d::17cd:6a47 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1408:c400:d::17cd:6a47 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 8f908e9df5b54233e81476beca89f1587a0158cd77602fd1bf082d5ac6e054e4 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:44 GMT vary Origin content-type text/html access-control-allow-origin https://www.menlosecurity.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a04:c604:615:1::5 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1723367624018_400219719_1169297896_21_876_135_147_219";dur=1 content-length 18 expires Sun, 11 Aug 2024 09:13:44 GMT
GET H2	200	1626328370711236 Show response connect.facebook.net/signals/config/	72 KB 15 KB	122ms 120ms	Script application/x-javascript	2a03:2880:f003:c0e:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/1626328370711236?v=2.9.164&r=stable&domain=www.menlosecurity.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 1e172a7c6145ca3e987fe69713e4212555960c8c2a730eb1f335867860344f93 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-security-policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Sun, 11 Aug 2024 09:13:43 GMT document-policy force-load-at-top x-fb-server-load 37 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 14670 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality GOOD; q=0.7, rtt=123, rtx=0, c=64, mss=1297, tbw=64363, tp=-1, tpl=-1, uplat=1, ullat=-1 pragma public x-fb-debug +rLgE93vpbdr8GToY59JO5wD8wUR/T37Do+Ci0hfalFi3B+N5ct/1+4lRdal+ZATRvb1gPK1uumC9IzRWLwDEg== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	/ www.google.com/pagead/1p-user-list/10976805707/	42 B 64 B	393ms 134ms	Image image/gif	172.253.63.103 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/10976805707/?random=1723367623271&cv=11&fst=1723366800000&bg=ffffff&guid=ON&async=1&gtm=45be4880v899189876z8830118234za201zb830118234&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&npa=0&pscdl=noapi&auid=1649402048.1723367623&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfkx-VHo4Xwy3wpd9We7i2C5ELPeZz_A&random=1173456396&rmt_tld=0&ipr=y Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 172.253.63.103 , United States, ASN15169 (GOOGLE, US), Reverse DNS bi-in-f103.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:44 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	details Show response epsilon.6sense.com/v3/company/	770 B 729 B	295ms 165ms	XHR application/json	76.223.9.105 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://epsilon.6sense.com/v3/company/details Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 76.223.9.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ac3ff6aafb2cddae2.awsglobalaccelerator.com Software nginx / Resource Hash 6a57587dae029fde902271d7b857885edb515660c69c3eee98abf2e0415a1616 Request headers Referer https://www.menlosecurity.com/ Authorization Token cdcc21c50eb45b5f1adbb9f4723fd8296ded280b User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 X-6s-CustomID WebTag 9d098b8d-9cde-40ee-beab-3b850059beba Response headers x-trace-id 6238711297451982621 date Sun, 11 Aug 2024 09:13:44 GMT content-encoding gzip server nginx vary Origin, Accept-Encoding content-type application/json x-6si-region us-west-1a access-control-allow-origin https://www.menlosecurity.com access-control-expose-headers X-6si-Region access-control-allow-credentials true timing-allow-origin https://6sense.com, https://www.ssga.com content-length 407
OPTIONS H2	200	details epsilon.6sense.com/v3/company/ Frame	0 0	224ms 72ms	Preflight	76.223.9.105 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://epsilon.6sense.com/v3/company/details Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 76.223.9.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ac3ff6aafb2cddae2.awsglobalaccelerator.com Software nginx / Resource Hash Request headers Accept */* Access-Control-Request-Headers authorization,x-6s-customid Access-Control-Request-Method GET Origin https://www.menlosecurity.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers authorization,x-6s-customid access-control-allow-methods OPTIONS,GET access-control-allow-origin https://www.menlosecurity.com access-control-expose-headers X-6si-Region access-control-max-age 1800 date Sun, 11 Aug 2024 09:13:44 GMT server nginx timing-allow-origin https://6sense.com, https://www.ssga.com x-6si-region us-west-1a x-trace-id 7019965336018127609
GET H2	200	/ www.facebook.com/tr/	0 270 B	364ms 120ms	Image text/plain	2a03:2880:f103:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=1626328370711236&ev=PageView&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&rl=&if=false&ts=1723367623885&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723367623882.768674834177602497&cs_est=true&ler=empty&cdl=API_unavailable&it=1723367623725&coo=false&rqm=GET Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-fb-connection-quality GOOD; q=0.7, rtt=117, rtx=0, c=10, mss=1297, tbw=2798, tp=-1, tpl=-1, uplat=0, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Sun, 11 Aug 2024 09:13:44 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 3 KB	451ms 208ms	Image image/png	2a03:2880:f103:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1626328370711236&ev=PageView&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&rl=&if=false&ts=1723367623885&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723367623882.768674834177602497&cs_est=true&ler=empty&cdl=API_unavailable&it=1723367623725&coo=false&rqm=FGET Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; content-encoding zstd x-content-type-options nosniff strict-transport-security max-age=15552000; preload nel {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01} date Sun, 11 Aug 2024 09:13:44 GMT document-policy force-load-at-top x-fb-server-load 37 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401807584671926463", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality GOOD; q=0.7, rtt=117, rtx=0, c=10, mss=1297, tbw=3112, tp=-1, tpl=-1, uplat=82, ullat=0 pragma no-cache x-fb-debug nEUAs+RB4hbyJ7t8Z22o0elS+sabVwjhplf861fSk6uwo9pJLSHcKHLkNLpsq3zvQc4bR0cJ+s/mK6D3woW63Q== cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401807584671926463"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401807584671926463"}],"group":"network-errors"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	widget-365e4fc9661820c90743b852a36fef3c.css app.hushly.com/assets/	69 KB 12 KB	90ms 89ms	Stylesheet text/css	34.208.92.192 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.hushly.com/assets/widget-365e4fc9661820c90743b852a36fef3c.css Requested by Host: app.hushly.com URL: https://app.hushly.com/assets/widget-64f6c5c0c52e9a6c91abc2f5bd210ff6.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.208.92.192 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-208-92-192.us-west-2.compute.amazonaws.com Software / Resource Hash d8b080802cba44025db6515c924fd17cfba0f2d9123093aaa779d43f8a04a522 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT content-encoding gzip last-modified Fri, 26 Jul 2024 09:01:08 GMT etag "widget-365e4fc9661820c90743b852a36fef3c.css" vary Accept-Encoding content-type text/css;charset=UTF-8 cache-control public, max-age=31536000 content-length 11756
POST H2	200	83162 Show response app.hushly.com/runtime/widgets/	60 B 945 B	291ms 112ms	XHR application/json	34.208.92.192 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.hushly.com/runtime/widgets/83162 Requested by Host: app.hushly.com URL: https://app.hushly.com/assets/widget-64f6c5c0c52e9a6c91abc2f5bd210ff6.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.208.92.192 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-208-92-192.us-west-2.compute.amazonaws.com Software / Resource Hash a8331d520e307081359e060643052b00e5529d0062b5ce516c251f4da1b9fae2 Security Headers Name Value Content-Security-Policy Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Sun, 11 Aug 2024 09:13:44 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff referrer-policy no-referrer-when-downgrade content-encoding gzip content-security-policy vary Accept-Encoding content-type application/json access-control-allow-origin https://www.menlosecurity.com cache-control max-age=0, private, must-revalidate access-control-allow-credentials true x-robots-tag noindex
GET H2	200	83162 Show response app.hushly.com/runtime/visitor/	38 B 770 B	104ms 103ms	Script text/javascript	34.208.92.192 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.hushly.com/runtime/visitor/83162?callback=hushlyVisitorCallback&sid=f2c9033c-9100-4f79-ad6a-1d005ec791d6&vid=7d9919ae-f11c-45ec-8f8d-14f7fbee1845&version=2&hly-ip-address=&_=1723367623830 Requested by Host: app.hushly.com URL: https://app.hushly.com/assets/widget-64f6c5c0c52e9a6c91abc2f5bd210ff6.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.208.92.192 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-208-92-192.us-west-2.compute.amazonaws.com Software / Resource Hash 39ac81efd75f7897b0156e4f2224b7652335113656fe83dda65df8a1f6b36514 Security Headers Name Value Content-Security-Policy Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff referrer-policy no-referrer-when-downgrade content-encoding gzip content-security-policy vary Accept-Encoding content-type text/javascript cache-control max-age=31536000, public x-robots-tag noindex
GET H2	200	app.ca85cba649a0af1b098c9ac2487feee139f695c9.css cdn.servicebell.com/	143 KB 35 KB	73ms 72ms	Stylesheet text/css	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.servicebell.com/app.ca85cba649a0af1b098c9ac2487feee139f695c9.css Requested by Host: cdn.servicebell.com URL: https://cdn.servicebell.com/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 60dca141b1bda543dc9667cebf94697bb1fc934c0a267e6df265d8e94695d0d7 Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:43 GMT strict-transport-security max-age=0; includeSubDomains content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id YYZA2AQGEF578MV3 age 6413 cf-polished origSize=146921 x-amz-id-2 MLTmNX55MZA+VjKvqmL876B165OJEjY4bVPPULUfSUNJ4AGw0wneAtSU4ieG/5V9iG8K57gVXoQ= cf-bgj minify last-modified Wed, 07 Aug 2024 23:07:30 GMT server cloudflare etag W/"b815fcd071ff82afbab78ef78b8e7b5d" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dW1SO0beC046BCPZw9wSrkrrA7ueASPfj2XAcbMsZj4kOGyhQY0PCT0TWUv60M%2FBt5dg5v2rjTCsWfCDlaDK2W4qef0hay2beeoVIrmeyiT7EEQVjOHwrH552y7rTLQIkMMEUF2f23aGSh55AQr0gXI%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8b171c81edb52ad5-LAX
GET H2	200	app.ca85cba649a0af1b098c9ac2487feee139f695c9.js Show response cdn.servicebell.com/	580 KB 184 KB	79ms 79ms	Script text/javascript	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.servicebell.com/app.ca85cba649a0af1b098c9ac2487feee139f695c9.js Requested by Host: cdn.servicebell.com URL: https://cdn.servicebell.com/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 40d19b97d0bc0581cb77d593988e81390a2696318fcf1ae61fdbd2a0d1944baf Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:44 GMT strict-transport-security max-age=0; includeSubDomains content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id YYZFHB8CDAJ1KQ6Y age 4003 cf-polished origSize=593902 x-amz-id-2 dL9d7bOD8g87P+6xuLDBBSaHOcuCG7eGShBlc8XrXFYMUltHFP/rWOZk9495+GA7Vn5H4XwnJbo= cf-bgj minify last-modified Wed, 07 Aug 2024 23:07:30 GMT server cloudflare etag W/"c350adaff2a83b124eeae1fb9d9e51dd" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2FbPTQBZJohCcUir8S%2FYYgdGanDev4v1SWbZvKL01bwr8mZRfxfUbYZY78rLmlbRAI2qt4ECxZVfRopL6SpGXf9REwwVJU60G4kb%2BEqMTzRB3r2qaWIPcLlAJKD%2BIjgniRfY0horeybbGlKQGjSqSzs%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 8b171c81edb62ad5-LAX
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	169ms 128ms	Image image/gif	23.73.207.13 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=a15ea394-9e14-45fd-81aa-21f3fab9d1e0&session=8abebdc5-c3e5-4453-8dc0-d01466324e3b&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0e00bcf1-e876-4486-8cf8-48ae475fb43b&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&v=1.1.23 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.73.207.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-73-207-13.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:44 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Sun, 11 Aug 2024 09:13:44 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	167ms 127ms	Image image/gif	23.73.207.13 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=a15ea394-9e14-45fd-81aa-21f3fab9d1e0&session=8abebdc5-c3e5-4453-8dc0-d01466324e3b&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22978e5d07c2a3a90aa4884115fca62376%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22cdcc21c50eb45b5f1adbb9f4723fd8296ded280b%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%229d098b8d-9cde-40ee-beab-3b850059beba%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0e00bcf1-e876-4486-8cf8-48ae475fb43b&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&v=1.1.23 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.73.207.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-73-207-13.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:44 GMT x-content-type-options nosniff last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Sun, 11 Aug 2024 09:13:44 GMT
GET BLOB	200 OK	1360e3df-a346-4cd4-817c-49e532a5f083 https://www.menlosecurity.com/	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL blob:https://www.menlosecurity.com/1360e3df-a346-4cd4-817c-49e532a5f083 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Length 43 Content-Type image/gif
GET H2	200	css2 fonts.googleapis.com/	22 KB 956 B	132ms 130ms	Stylesheet text/css	2607:f8b0:400d:c07::5f GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,200;1,300;1,400;1,500;1,600;1,700;1,800&display=swap Requested by Host: cdn.servicebell.com URL: https://cdn.servicebell.com/app.ca85cba649a0af1b098c9ac2487feee139f695c9.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:400d:c07::5f Morganton, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash bf9f89e27abbe42a43afee0cc33618d349c697ac60fca87aa22a2f01ea05b1bd Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://cdn.servicebell.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Sun, 11 Aug 2024 09:13:44 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sun, 11 Aug 2024 08:02:35 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sun, 11 Aug 2024 09:13:44 GMT
GET H2	200	sprite.29badbcc..svg Show response cdn.servicebell.com/assets/	19 KB 6 KB	198ms 73ms	Fetch image/svg+xml	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.servicebell.com/assets/sprite.29badbcc..svg Requested by Host: cdn.servicebell.com URL: https://cdn.servicebell.com/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5302196c1f81406faa6847053437b5f5384b3d7232b9d1f678060126e0e341d8 Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:44 GMT strict-transport-security max-age=0; includeSubDomains content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id CP7AS9C5BSTRYSQ1 age 4220 x-amz-id-2 7iTJpE8vJ8mDmytvyVIdF/+HEYUET818ZGWYwJSBNg6cIifebAzjST6BN+d6gc+fPncYjNm3Uy8= last-modified Thu, 27 Jun 2024 10:24:25 GMT server cloudflare etag W/"8456c56f034dc7e4617f887c757fe896" access-control-max-age 3000 access-control-allow-methods GET content-type image/svg+xml access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lZzVARxarhflDNqrYm2YPubbzEB2PK%2BZWIj%2FgZYuap4uAwxTVNh8ueNMoatzFGSvlQsPTucOuVtgUfb1tig4X0tC3zbX8tufm8orLGMt5M%2FOMszMN%2FuXp7erAAnbb22cpV1OY6wJDOd3Du3oAmct934%3D"}],"group":"cf-nel","max_age":604800} access-control-expose-headers Content-Range, Content-Length, ETag vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding cache-control max-age=14400 cf-ray 8b171c843ff22b6d-LAX
GET H2	200	83162 Show response app.hushly.com/runtime/countries/	75 KB 20 KB	96ms 95ms	Script text/javascript	34.208.92.192 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.hushly.com/runtime/countries/83162?callback=hushlyCountriesCallback&_=1723367623831 Requested by Host: app.hushly.com URL: https://app.hushly.com/assets/widget-64f6c5c0c52e9a6c91abc2f5bd210ff6.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.208.92.192 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-208-92-192.us-west-2.compute.amazonaws.com Software / Resource Hash 68b4b6fc343811ef9268a786ba1a6d45532277051d2db7804896df2b58a9b429 Security Headers Name Value Content-Security-Policy Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:44 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff referrer-policy no-referrer-when-downgrade content-encoding gzip content-security-policy vary Accept-Encoding content-type text/javascript cache-control max-age=31536000, public x-robots-tag noindex
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	127ms 126ms	Image image/gif	23.73.207.13 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=a15ea394-9e14-45fd-81aa-21f3fab9d1e0&session=8abebdc5-c3e5-4453-8dc0-d01466324e3b&event=ipv6&q=%7B%22address%22%3A%222a04%3Ac604%3A615%3A1%3A%3A5%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0e00bcf1-e876-4486-8cf8-48ae475fb43b&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2a04%3Ac604%3A615%3A1%3A%3A5&v=1.1.23 Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.73.207.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-73-207-13.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:44 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Sun, 11 Aug 2024 09:13:44 GMT
GET H2	200	init Show response api.servicebell.com/api/v1/visitor/	3 KB 2 KB	565ms 512ms	Fetch application/json	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.servicebell.com/api/v1/visitor/init?clientKey=3bae7a80442842ffa01e149e51f315c3 Requested by Host: cdn.servicebell.com URL: https://cdn.servicebell.com/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b941a4f62c450e372b711e0b8a88955f50398f87598c84a544de709b255248b7 Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Accept application/json Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:45 GMT strict-transport-security max-age=0; includeSubDomains content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-commit-hash ca85cba649a0af1b098c9ac2487feee139f695c9 x-account-authed x-server-time 1723367624989 x-protocol-version 4 last-modified Sun, 11 Aug 2024 09:13:45 GMT server cloudflare vary Origin, Cookie, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wWTCDOlKxzl8fYtLwhBNHrNSk8jn%2FxHsoJ7tNlnH3IzRIX7Yw4QJAT758ZILAU0v57TFDxWhK28p1RIFlKjPdwtJUgbWRs5HAYzlrc7kfeniDNYJUJ5S5%2FBm1caM7JAWkSfkpCkZtbcTZ8nDLacV0BQ%3D"}],"group":"cf-nel","max_age":604800} content-type application/json access-control-allow-origin https://www.menlosecurity.com cache-control private, max-age=5, s-maxage=5 cf-ray 8b171c8599792b6d-LAX
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 202 B	105ms 104ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept * Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Sun, 11 Aug 2024 09:13:44 GMT x-li-pop afd-prod-ltx1-x x-msedge-ref Ref A: 5C8E7DE0FFF34207BF28B356E8CE82D5 Ref B: LAX311000115019 Ref C: 2024-08-11T09:13:44Z linkedin-action 1 vary Origin x-cache CONFIG_NOCACHE x-li-fabric prod-ltx1 access-control-allow-origin https://www.menlosecurity.com x-li-proto http/2 access-control-allow-credentials true x-li-uuid AAYfZMsWfIyMGkTQoj5Bqg==
GET H3	200	nc-c8e3fbbbafd0525da46f0097ec8ff1bbbr.js Show response dev.visualwebsiteoptimizer.com/edrv/	9 KB 3 KB	63ms 63ms	XHR text/javascript	34.96.102.137 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://dev.visualwebsiteoptimizer.com/edrv/nc-c8e3fbbbafd0525da46f0097ec8ff1bbbr.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 137.102.96.34.bc.googleusercontent.com Software gla2 / Resource Hash a77b711c5946a93d8e22953321834eb6b80e15d95bb4ec0ff29cec815e462f02 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:44 GMT content-encoding br via 1.1 google last-modified Fri, 09 Aug 2024 09:12:49 GMT server gla2 etag "66b5dd91-cc2" vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3266
GET H2	200	core js.driftt.com/ Frame 5A3A	0 0	441ms 180ms	Document text/html	18.161.34.90 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core?d=1&embedId=trrsm2wf4gwm&eId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=f88efd96-223a-4a64-b47b-e9fb1b6ea3ea&sessionStarted=1723367624.657&campaignRefreshToken=8102b125-19c8-4e49-abc9-2bf4b1b3c5df&hideController=false&pageLoadStartTime=1723367621835&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1723367700000/trrsm2wf4gwm.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.161.34.90 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-161-34-90.bos50.r.cloudfront.net Software istio-envoy / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.menlosecurity.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control no-cache content-encoding gzip content-type text/html; charset=utf-8 date Sun, 11 Aug 2024 09:13:45 GMT etag W/"9274c0ff52d0ea301eff17185711c576" last-modified Wed, 24 Jul 2024 21:19:01 GMT server istio-envoy strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding via 1.1 b578b4642a9dfde97459f07330d190d4.cloudfront.net (CloudFront) x-amz-cf-id Z6Oz2HN4PG8Oaf7mwU7C_8CDFpLC--tG9KuCpjrwtVVnyyEHR9HvYg== x-amz-cf-pop BOS50-P2 x-amz-server-side-encryption AES256 x-amz-version-id e.x5p6Pj3I94qvY0w0S0kqCQS7PUrPBy x-cache RefreshHit from cloudfront x-envoy-upstream-service-time 19
GET H2	200	chat js.driftt.com/core/ Frame C9B4	0 0	452ms 194ms	Document text/html	18.161.34.90 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1723367621835 Requested by Host: js.driftt.com URL: https://js.driftt.com/include/1723367700000/trrsm2wf4gwm.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.161.34.90 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-161-34-90.bos50.r.cloudfront.net Software istio-envoy / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://www.menlosecurity.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control no-cache content-encoding gzip content-type text/html; charset=utf-8 date Sun, 11 Aug 2024 09:13:45 GMT etag W/"9274c0ff52d0ea301eff17185711c576" last-modified Wed, 24 Jul 2024 21:19:01 GMT server istio-envoy strict-transport-security max-age=31536000; includeSubDomains vary Accept-Encoding via 1.1 b578b4642a9dfde97459f07330d190d4.cloudfront.net (CloudFront) x-amz-cf-id a7UWAESO3oGtGjA84joJxRGHZzuk_QcsFB2QAW91uYDn2vLmpQ-x1g== x-amz-cf-pop BOS50-P2 x-amz-server-side-encryption AES256 x-amz-version-id e.x5p6Pj3I94qvY0w0S0kqCQS7PUrPBy x-cache RefreshHit from cloudfront x-envoy-upstream-service-time 19
GET H3	200	zi-tag.js Show response js.zi-scripts.com/	9 KB 3 KB	175ms 78ms	Script application/javascript	104.18.37.212 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.zi-scripts.com/zi-tag.js Requested by Host: www.menlosecurity.com URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:44 GMT x-amz-version-id PTl7rnF_EEhUwyN5J882FhdYw1E0brGf content-encoding gzip cf-cache-status DYNAMIC via 1.1 8173637b037f7a210c661cd1e5dc76e2.cloudfront.net (CloudFront) x-amz-cf-pop LAX50-P4 age 65634 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Thu, 18 Jul 2024 08:13:46 GMT server cloudflare etag W/"b2877da906a3216c4f3fc4030b205e54" vary Accept-Encoding content-type application/javascript cf-ray 8b171c8709fa0cf3-LAX x-amz-cf-id uCYGqCPSSRLACkDQd-GKiiR_BdBNxEifu3x2B4HhDRNFt-w5QcqK6A==
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	371ms 123ms	Script text/javascript	2607:f8b0:400d:c01::71 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:400d:c01::71 Morganton, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Sun, 11 Aug 2024 08:46:45 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT server Golfe2 age 1619 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Sun, 11 Aug 2024 10:46:45 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	137ms 137ms	Image image/gif	23.73.207.13 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=a15ea394-9e14-45fd-81aa-21f3fab9d1e0&session=8abebdc5-c3e5-4453-8dc0-d01466324e3b&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2011%20Aug%202024%2009%3A13%3A44%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2011%20Aug%202024%2009%3A13%3A43%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0e00bcf1-e876-4486-8cf8-48ae475fb43b&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2a04%3Ac604%3A615%3A1%3A%3A5&v=1.1.23 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.73.207.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-73-207-13.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:44 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Sun, 11 Aug 2024 09:13:44 GMT
POST H2	200	queue Show response st.fullcircleinsights.com/v1/visits/	2 KB 2 KB	361ms 359ms	XHR application/json	18.161.21.109 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://st.fullcircleinsights.com/v1/visits/queue Requested by Host: d2i34c80a0ftze.cloudfront.net URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.161.21.109 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-161-21-109.bos50.r.cloudfront.net Software / Resource Hash 276a68b65275224d7f9b4383c407c47972b805117202bd17c0bef8b1ad2484a2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers origin-fci https://www.menlosecurity.com Referer https://www.menlosecurity.com/ js-version 1.0.59 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 x-api-key uSI2bzqNHv34zA8znmW0LgfsY9TBayMx9gZJf430 Content-Type text/plain;charset=UTF-8 Response headers date Sun, 11 Aug 2024 09:13:45 GMT strict-transport-security max-age=31536000; includeSubDomains via 1.1 27d6451eef68b8beda74f9749214fe2c.cloudfront.net (CloudFront) x-amz-cf-pop BOS50-P1 x-amzn-trace-id Root=1-66b880c9-1a8aef9a53bab1ce7a5142fb;Parent=3c66c24ba27c81a5;Sampled=0;lineage=adebd93c:0 x-amzn-requestid bfc46a1c-109b-4044-b4ba-f0e714cb2ba6 vary Origin x-cache Miss from cloudfront content-type application/json access-control-allow-origin https://www.menlosecurity.com x-amz-apigw-id cVkPgGNNvHcEYvQ= content-length 2056 x-amz-cf-id tpOC1FTwa-kZNLszt9XI_qny6re8rdpQmmkpA1wzFJQD538-8lfn0Q==
OPTIONS H2	200	queue st.fullcircleinsights.com/v1/visits/ Frame	0 0	326ms 326ms	Preflight application/json	18.161.21.109 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://st.fullcircleinsights.com/v1/visits/queue Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.161.21.109 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-161-21-109.bos50.r.cloudfront.net Software / Resource Hash Request headers Accept */* Access-Control-Request-Headers js-version,origin-fci,x-api-key Access-Control-Request-Method POST Origin https://www.menlosecurity.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers access-control-allow-headers Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version access-control-allow-methods OPTIONS,POST access-control-allow-origin https://www.menlosecurity.com content-length 1 content-type application/json date Sun, 11 Aug 2024 09:13:45 GMT via 1.1 27d6451eef68b8beda74f9749214fe2c.cloudfront.net (CloudFront) x-amz-apigw-id cVkPdHx7PHcEjJw= x-amz-cf-id i6RGdJaSdvP3iTkQzA5NgrB5PJYjvp8MfRCiZUjgAOdKopet9CzOjQ== x-amz-cf-pop BOS50-P1 x-amzn-requestid 9ff14f47-060b-4e06-91ba-40ee24b7800a x-cache Miss from cloudfront
GET H3	200	getSubscriptions Show response js.zi-scripts.com/unified/v1/master/	146 B 550 B	161ms 161ms	Fetch application/json	104.18.37.212 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.zi-scripts.com/unified/v1/master/getSubscriptions Requested by Host: js.zi-scripts.com URL: https://js.zi-scripts.com/zi-tag.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash be15cd2dccd27af8e632f48efb717884a45f39f8e3ad819f7ea44660686511d6 Request headers Content-Type application/json Referer https://www.menlosecurity.com/ Authorization Bearer 2b223f4b411669347307 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 visited_url https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Response headers date Sun, 11 Aug 2024 09:13:45 GMT via 1.1 7aaaa329e879e6fe2630b818d5c38786.cloudfront.net (CloudFront) content-encoding gzip cf-cache-status DYNAMIC x-amz-cf-pop LAX50-P4 x-powered-by Express x-cache Miss from cloudfront alt-svc h3=":443"; ma=86400 apigw-requestid cVkPdhNfPHcEMqw= server cloudflare etag W/"92-Hja7Vpv0IuyT/w59TLuT6J5uTIk" vary Origin content-type application/json; charset=utf-8 access-control-allow-origin https://www.menlosecurity.com cf-ray 8b171c88a890318b-LAX x-amz-cf-id KaMYeVzQET2mRctu2WX3eQx6hIImOhgHG8iMwLL_27MEY4G9WCuPSA==
OPTIONS H3	204	getSubscriptions js.zi-scripts.com/unified/v1/master/ Frame	0 0	174ms 110ms	Preflight	104.18.37.212 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.zi-scripts.com/unified/v1/master/getSubscriptions Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Request headers Accept */* Access-Control-Request-Headers authorization,content-type,visited_url Access-Control-Request-Method GET Origin https://www.menlosecurity.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers access-control-allow-headers Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken access-control-allow-methods POST, GET, OPTIONS, PATCH, DELETE, PUT access-control-allow-origin https://www.menlosecurity.com alt-svc h3=":443"; ma=86400 apigw-requestid cVkPciZnPHcEMIA= cf-cache-status DYNAMIC cf-ray 8b171c87f824318b-LAX date Sun, 11 Aug 2024 09:13:44 GMT server cloudflare vary Origin via 1.1 7aaaa329e879e6fe2630b818d5c38786.cloudfront.net (CloudFront) x-amz-cf-id ezGdGBAKmOsofYclJ9AavUh6r1s_jkDnU2wlwxn7HNfonSL9A83LZQ== x-amz-cf-pop LAX50-P4 x-cache Miss from cloudfront x-powered-by Express
POST H2	200	collect Show response www.google-analytics.com/j/	3 B 212 B	123ms 122ms	XHR text/plain	2607:f8b0:400d:c01::71 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1195079516&t=pageview&_s=1&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&ul=en-us&de=UTF-8&dt=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1223866517&gjid=1231164045&cid=566258091.1723367623&tid=UA-41161362-2&_gid=1299947265.1723367625&_r=1&_slc=1&gtm=45He4880n81WL64MFJv830118234za200&cd1=&cd2=&cd3=&gcd=13l3l3l3l1&dma=0&tag_exp=0&z=1726944019 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:400d:c01::71 Morganton, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:45 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.menlosecurity.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ Show response ws.zoominfo.com/pixel/GQ57xOfAtqXGOqCfMFaF/	3 KB 2 KB	303ms 229ms	Fetch text/javascript	104.16.117.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/GQ57xOfAtqXGOqCfMFaF/?iszitag=true Requested by Host: js.zi-scripts.com URL: https://js.zi-scripts.com/zi-tag.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 8773e2a849048874a0aabdd2d48b63b84dadecc07cc3016c9f98635ab180208b Security Headers Name Value X-Content-Type-Options nosniff Request headers visited-url https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Referer https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed _vtok MTYyLjI0NS4yMDYuMjQ4 _zitok c8dd74c525f01be11ec11723367625 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Content-Type text/javascript Response headers date Sun, 11 Aug 2024 09:13:45 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status DYNAMIC via 1.1 google server cloudflare x-powered-by Express vary Accept-Encoding content-type text/javascript access-control-allow-origin https://www.menlosecurity.com access-control-allow-credentials true x-robots-tag noindex, nofollow access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url alt-svc h3=":443"; ma=86400 cf-ray 8b171c8bbc7d24d6-SJC
OPTIONS H3	200	/ ws.zoominfo.com/pixel/GQ57xOfAtqXGOqCfMFaF/ Frame	0 0	244ms 166ms	Preflight text/html	104.16.117.43 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ws.zoominfo.com/pixel/GQ57xOfAtqXGOqCfMFaF/?iszitag=true Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers _vtok,_zitok,content-type,visited-url Access-Control-Request-Method GET Origin https://www.menlosecurity.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url access-control-allow-origin https://www.menlosecurity.com allow GET,HEAD alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8b171c8a38b57acd-SJC content-encoding gzip content-type text/html; charset=utf-8 date Sun, 11 Aug 2024 09:13:45 GMT server cloudflare via 1.1 google x-content-type-options nosniff x-powered-by Express x-robots-tag noindex, nofollow
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	150ms 150ms	Image image/gif	23.73.207.13 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=a15ea394-9e14-45fd-81aa-21f3fab9d1e0&session=8abebdc5-c3e5-4453-8dc0-d01466324e3b&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2011%20Aug%202024%2009%3A13%3A45%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2011%20Aug%202024%2009%3A13%3A44%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0e00bcf1-e876-4486-8cf8-48ae475fb43b&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2a04%3Ac604%3A615%3A1%3A%3A5&v=1.1.23 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.73.207.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-73-207-13.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:45 GMT x-content-type-options nosniff last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Sun, 11 Aug 2024 09:13:45 GMT
GET BLOB	200 OK	476ad1bd-207b-4ff6-a80f-3bd2b08d6fb8 Show response https://www.menlosecurity.com/	3 KB 0		Script text/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://www.menlosecurity.com/476ad1bd-207b-4ff6-a80f-3bd2b08d6fb8 Requested by Host: js.zi-scripts.com URL: https://js.zi-scripts.com/zi-tag.js Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 8773e2a849048874a0aabdd2d48b63b84dadecc07cc3016c9f98635ab180208b Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers Content-Length 3029 Content-Type text/javascript
GET H2	200	LDIoaomQNQcsA88c7O9yZ4KMCoOg4Ko20yw.woff2 fonts.gstatic.com/s/plusjakartasans/v8/	27 KB 27 KB	367ms 122ms	Font font/woff2	2607:f8b0:400d:c01::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/plusjakartasans/v8/LDIoaomQNQcsA88c7O9yZ4KMCoOg4Ko20yw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,200;1,300;1,400;1,500;1,600;1,700;1,800&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:400d:c01::5e Morganton, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1262bff0591c36094d058ab102b84ce34eb1e547e8ff00557bf8d55449e58e40 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.menlosecurity.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Tue, 06 Aug 2024 02:43:12 GMT x-content-type-options nosniff age 455434 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 27444 x-xss-protection 0 last-modified Thu, 22 Jun 2023 14:14:33 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 06 Aug 2025 02:43:12 GMT
GET H2	200	2146004493.f32b646f7bb54ecbacf78ddf82640ab3.jpeg uploads.servicebell.com/cdn-cgi/image/width=160,height=160,f=auto/widget-org-logos/	890 B 1 KB	236ms 150ms	Image image/avif	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://uploads.servicebell.com/cdn-cgi/image/width=160,height=160,f=auto/widget-org-logos/2146004493.f32b646f7bb54ecbacf78ddf82640ab3.jpeg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 053309c0ae2bf4a03764f85970d161fcfa071020df116f3071c2701b6ca3b756 Security Headers Name Value Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none' Strict-Transport-Security max-age=0; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:46 GMT strict-transport-security max-age=0; includeSubDomains x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-security-policy default-src 'none'; navigate-to 'none'; form-action 'none' content-length 890 cf-resized internal=ok/m q=0 n=82+137 c=0+137 v=2024.8.0 l=890 f=false last-modified Thu, 27 Jun 2024 20:39:27 GMT cf-bgj imgq:85,h2pri server cloudflare etag "cfj9sDiXBrhp_6qsphDzGASoC0C0DH-aRQi91-V4JfDQ:62e516673c79360045fb2b0f07875fc4" vary Accept, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FmsQ4BJdvTN80UnoU%2F7sLM0ICGMMRBJBA8l7SlqCjIG1R31mpGg%2F9gSQ%2BMGhUbOT98xu%2FvNbQsJE7gTelKja7CZDuIqhg28x9XYWtD8VHPxsA%2BXuMFDIK6m%2BHEMbdIDrw3DqJ%2BjxTUEfMITYB40zc5G6VZFv"}],"group":"cf-nel","max_age":604800} content-type image/avif cache-control max-age=14400 accept-ranges bytes cf-ray 8b171c90ad4f2ad5-LAX
GET H2	200	texture.bf1c3c46..png cdn.servicebell.com/assets/	9 KB 10 KB	73ms 72ms	Image image/png	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.servicebell.com/assets/texture.bf1c3c46..png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4a0411c318b05aaf1c488b9e1a83097644d24fad33a53a79a41dd7ee0c338c49 Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:46 GMT strict-transport-security max-age=0; includeSubDomains cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id YEQGE0RP9E1T984B age 4589 cf-polished origSize=23913, status=webp_bigger content-length 9646 x-amz-id-2 x5+IumElpgo7jGSjKVvBDugb/CfXASrFDEcbFigmubjgBJqLhJ6c9PNIOAzQkMQwFqIPLDsih04= cf-bgj imgq:100,h2pri last-modified Wed, 19 Jun 2024 11:30:23 GMT server cloudflare etag "5a63f7f42ea8ca64cc79d65f28fe5a28" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BAIzEL9XSsv%2BIeEtl6oV41eZ1u6ijRy7az9%2BNd3Rwq9gYPK69VcgkFMHkgCv02hLXulWDgknZl9k9CpTHxE887owbi7ts8aql3squGml%2BFODOfIIv1XtcQk2vp1PuV650oObEPLznYSxFkP3GZdjZDA%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8b171c902ce22ad5-LAX
GET H2	200	empty-state.2cc51af6..png cdn.servicebell.com/assets/	13 KB 13 KB	70ms 69ms	Image image/webp	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.servicebell.com/assets/empty-state.2cc51af6..png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8aaec54222268d361013e8848b90d4f57935e5282615bd3f6c2e291c240ae433 Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:46 GMT strict-transport-security max-age=0; includeSubDomains cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id MZ4R8PG8SNWQ9FW3 age 7053 cf-polished origFmt=png, origSize=46196 content-disposition inline; filename="empty-state.webp" content-length 12842 x-amz-id-2 3Afz3TwDy+LZS6HsLw2jpXWrO2cpV3+nzR9/ahKJNq6ByMwOR3IpXqDN1emBs/A3x0z3Pc+BtKU= cf-bgj imgq:100,h2pri last-modified Wed, 07 Aug 2024 23:07:31 GMT server cloudflare etag "3ca96c39129f0cf8c2bc3f31728eff2f" vary Accept report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YDS8YfaQD%2BTkZASPUPubTLOP7kuz369iEzPIX3hlk5unjNXizT4Jy3F0H43ud0TuhJL0z4frPnaInFvnUAuyhdVnnXjjHzbTc3NsR0F2zCUq7rks9l%2FsyV%2BB1F7qbPb1UIGBsvMwWlFsi4S17hvLfCU%3D"}],"group":"cf-nel","max_age":604800} content-type image/webp cache-control max-age=14400 accept-ranges bytes cf-ray 8b171c902ce32ad5-LAX
GET H2	200	woman-3-700.jpg uploads.servicebell.com/cdn-cgi/image/width=370,height=400,f=auto/video/	8 KB 8 KB	168ms 83ms	Image image/avif	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://uploads.servicebell.com/cdn-cgi/image/width=370,height=400,f=auto/video/woman-3-700.jpg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0fe34a2c26002e5f2b05d778dc2bb358098f2cb346c56c3e0958d6b278ec212d Security Headers Name Value Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none' Strict-Transport-Security max-age=0; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:46 GMT strict-transport-security max-age=0; includeSubDomains x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-security-policy default-src 'none'; navigate-to 'none'; form-action 'none' content-length 7712 cf-resized internal=ram/m q=0 n=0+122 c=0+0 v=2024.7.0 l=7712 last-modified Thu, 10 Feb 2022 23:08:32 GMT cf-bgj imgq:85,h2pri server cloudflare etag "cfC6rc4MBjjYk0j2C-tq2dqAlqoa6FHgGEIkv6epiqDQ:ddd45a3fd85981ce5580b1d8ef2464cb" vary Accept, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0fmSLmRyMnFCoG5d8hx5mMn4v2gMChuSAiFxn4fjP6a4Dy6i7OXlvofoCz%2FkcE3AFPpp4l8cPOWON8klu%2BFoj06kmHr9xWbU%2BkywNjnBkGxGLqYeroJSnGQR1WPxqzgLSRbg3g64honG2XJxHW5noxx37GoP"}],"group":"cf-nel","max_age":604800} content-type image/avif cache-control max-age=14400 accept-ranges bytes cf-ray 8b171c90ad512ad5-LAX
GET H2	206	woman-3-400.mp4 uploads.servicebell.com/video/	179 KB 180 KB	147ms 71ms	Media video/mp4	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://uploads.servicebell.com/video/woman-3-400.mp4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a941038f739b208d7974b5d9d5c9e303b8c880f76fec88c64da233cc8af585b1 Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Referer https://www.menlosecurity.com/ Accept-Encoding identity;q=1, *;q=0 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Range bytes=0- Response headers date Sun, 11 Aug 2024 09:13:46 GMT x-amz-version-id null cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=0; includeSubDomains x-amz-request-id 5HWKN5WCTZ1CJ2K6 age 5679 Content-Range bytes 0-183151/183152 Content-Length 183152 x-amz-id-2 Z1MYhPHCZjLTPbkKVePEI6Ar3XZJiBBd1CvLHXv+AlC/nsYgrUZePTpjZWXjDUhEKA3HWDmm9Gw= last-modified Thu, 10 Feb 2022 23:08:32 GMT server cloudflare etag "820c1b030080d7f7d6ff4761e86f6454" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b4L2s23ezWwcWAzdLEjHn23ioORlf%2Fc3FXwiW2B0PWTk63hHk8%2FBOwyzEl5FijmqEaKQYwglbvVT6XDbTj4N%2FZr9sKt5DI5GpTQNnCusxak3stEvoWVzNnwG%2FKHtwAAJ6YRnzINMLgBLzxIk0UkWZFotj4F2"}],"group":"cf-nel","max_age":604800} content-type video/mp4 cache-control max-age=14400 cf-ray 8b171c90ad542ad5-LAX
GET H2	206	woman-3-400.mp4 uploads.servicebell.com/video/	1 KB 0	216ms 69ms	Media video/mp4	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://uploads.servicebell.com/video/woman-3-400.mp4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Referer https://www.menlosecurity.com/ Accept-Encoding identity;q=1, *;q=0 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Range bytes=0- Response headers date Sun, 11 Aug 2024 09:13:46 GMT x-amz-version-id null cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=0; includeSubDomains x-amz-request-id 5HWKN5WCTZ1CJ2K6 age 5679 Content-Range bytes 0-183151/183152 Content-Length 183152 x-amz-id-2 Z1MYhPHCZjLTPbkKVePEI6Ar3XZJiBBd1CvLHXv+AlC/nsYgrUZePTpjZWXjDUhEKA3HWDmm9Gw= last-modified Thu, 10 Feb 2022 23:08:32 GMT server cloudflare etag "820c1b030080d7f7d6ff4761e86f6454" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X2F16NVeVXEhHE6TxPhaVrnN8gW7dGh6twycFVoZFP%2FvLowYSr3xLMuiDhR8wJx%2FVa%2BY4aF53TT7rnXN7m6GhA71UWZU8BX%2BplcTzSjVX4p54LdNevrdukWsPrxFvDfkqOF8cUqgDsLveoic21fq4jV61Y3%2F"}],"group":"cf-nel","max_age":604800} content-type video/mp4 cache-control max-age=14400 cf-ray 8b171c911da52ad5-LAX
OPTIONS H2	200	debug_journey api.servicebell.com/api/v1/visitor/ Frame	0 0	359ms 358ms	Preflight text/html	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.servicebell.com/api/v1/visitor/debug_journey Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.menlosecurity.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT access-control-allow-origin https://www.menlosecurity.com allow POST, OPTIONS cf-cache-status DYNAMIC cf-ray 8b171c903d762b6d-LAX content-encoding br content-type text/html; charset=utf-8 date Sun, 11 Aug 2024 09:13:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B7XBS6O5go34G2IrJeA9fRMvkIB02buBNKaCpgt3fON%2F4WUBmbBrVg9uXlcKs4CUjYDJcjC2%2B8cL6urVMUZeXbOKN2CJHKUwApF3NkSVtXgjM3f0EYMLUUo%2BZwk%2Bck3zNQZsKRHRXsyAXUVSVQxLvsQ%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=0; includeSubDomains vary Origin, Cookie x-account-authed x-commit-hash ca85cba649a0af1b098c9ac2487feee139f695c9 x-protocol-version 4 x-server-time 1723367626539
GET H2	200	conversations Show response api.servicebell.com/api/v1/widget/chat/visitors/5181c406-e163-4588-a74f-69a7399a9025/	87 B 389 B	394ms 393ms	Fetch application/json	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.servicebell.com/api/v1/widget/chat/visitors/5181c406-e163-4588-a74f-69a7399a9025/conversations?clientKey=3bae7a80442842ffa01e149e51f315c3 Requested by Host: cdn.servicebell.com URL: https://cdn.servicebell.com/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b4c425d7e73c4c6cdb01465e53ec12fb350e4472eaab6b5b81c2bb4f50d7236f Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Accept application/json Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-server-time 1723367626574 date Sun, 11 Aug 2024 09:13:46 GMT strict-transport-security max-age=0; includeSubDomains x-protocol-version 4 cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-commit-hash ca85cba649a0af1b098c9ac2487feee139f695c9 x-account-authed vary Origin, Cookie report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gjek%2F57eGqLryrRrs3gszYrNSSGUDSMVIuO6Ablmy0EXK5U3UPG1D%2B6gl6kfqH7WtzdRLuSe%2BiVvOKbNXlHsMqBzzn0IdK5H3Va79VEaYHWZ7mOIc%2FK%2F8mF5u%2BOOGs9PzCa9wm1rlIkGKEK1ef%2B4q38%3D"}],"group":"cf-nel","max_age":604800} content-type application/json access-control-allow-origin https://www.menlosecurity.com content-encoding br cf-ray 8b171c903d702b6d-LAX
GET H2	200	settings Show response api.servicebell.com/api/v1/public/helpcenter/	159 B 423 B	385ms 385ms	Fetch application/json	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.servicebell.com/api/v1/public/helpcenter/settings?orgId=2146004493 Requested by Host: cdn.servicebell.com URL: https://cdn.servicebell.com/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a5c45a5722b71dab6b6b2c9ba0d9bb108e76f2a5d356e1dbb9173aca1ef55ecf Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Accept application/json Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-server-time 1723367626561 date Sun, 11 Aug 2024 09:13:46 GMT strict-transport-security max-age=0; includeSubDomains x-protocol-version 4 cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-commit-hash ca85cba649a0af1b098c9ac2487feee139f695c9 x-account-authed vary Origin, Cookie report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tVFMhCbQ12jwMxl4RY5PsO%2BiSDcTTJfDt3BEt3qc3ga5DOjmPUnnYfQheGi2M8Et0iEdYG2bUKIr6TYdRlyAOGdqI%2BJ5LTb80iykHj3LVYSLaRDkT8G8Sn%2BLHeLbI7u%2F9UUUO4a4sA3k0Oeyrr5s89Q%3D"}],"group":"cf-nel","max_age":604800} content-type application/json access-control-allow-origin https://www.menlosecurity.com content-encoding br cf-ray 8b171c903d712b6d-LAX
GET H2	200	article-collections Show response api.servicebell.com/api/v1/public/helpcenter/	3 B 348 B	328ms 328ms	Fetch application/json	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.servicebell.com/api/v1/public/helpcenter/article-collections?orgId=2146004493 Requested by Host: cdn.servicebell.com URL: https://cdn.servicebell.com/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570 Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Accept application/json Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-server-time 1723367626507 date Sun, 11 Aug 2024 09:13:46 GMT strict-transport-security max-age=0; includeSubDomains x-protocol-version 4 cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-commit-hash ca85cba649a0af1b098c9ac2487feee139f695c9 x-account-authed vary Origin, Cookie report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BdmxeHjimfxKEDHRkJ50M6xtz6QZRHbJbJn%2BSOSGlYbilzg3pyINd3%2BSd2T3oFBraSa1w2SLgVt0aUu7w2CB%2FojRctCCtOfCCqxpnqmSWfngkLDWXRV9qRX1VDPjoeFE9wlQrNi0%2Ff22eO3c82Jfqh4%3D"}],"group":"cf-nel","max_age":604800} content-type application/json access-control-allow-origin https://www.menlosecurity.com cf-ray 8b171c903d732b6d-LAX content-length 3
GET H2	200	article-collections Show response api.servicebell.com/api/v1/public/helpcenter/	3 B 309 B	468ms 139ms	Fetch application/json	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.servicebell.com/api/v1/public/helpcenter/article-collections?orgId=2146004493 Requested by Host: cdn.servicebell.com URL: https://cdn.servicebell.com/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570 Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Accept application/json Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers x-server-time 1723367626651 date Sun, 11 Aug 2024 09:13:46 GMT strict-transport-security max-age=0; includeSubDomains x-protocol-version 4 cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-commit-hash ca85cba649a0af1b098c9ac2487feee139f695c9 x-account-authed vary Origin, Cookie report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jYPk53M2iF%2FilxHE2nJh%2BErrv8tOh1%2Fngg8zxZcmBZ3T%2B7VPwQmoauPSCj%2BuNv1bj3Iufr%2Fu4eeV9YFzLtP4Xo2%2FydXzEvxFtL3qw6%2Bv3bHgfzwkQ6wg3hSXrjwDPbJlOS3M0F71qR7Rw4ZuYPfyyL0%3D"}],"group":"cf-nel","max_age":604800} content-type application/json access-control-allow-origin https://www.menlosecurity.com cf-ray 8b171c924f912b6d-LAX content-length 3
POST H2	200	debug_journey Show response api.servicebell.com/api/v1/visitor/	17 B 408 B	158ms 156ms	Fetch application/json	2606:4700:20::ac43:477f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.servicebell.com/api/v1/visitor/debug_journey Requested by Host: cdn.servicebell.com URL: https://cdn.servicebell.com/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:477f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a8ae0247dc9a3d9435afbd24d9ec729028d4e1f1b86e8cc1c277b36b79555393 Security Headers Name Value Strict-Transport-Security max-age=0; includeSubDomains Request headers Accept application/json Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Content-Type application/json Response headers x-server-time 1723367626700 date Sun, 11 Aug 2024 09:13:46 GMT strict-transport-security max-age=0; includeSubDomains x-protocol-version 4 cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-commit-hash ca85cba649a0af1b098c9ac2487feee139f695c9 x-account-authed vary Origin, Cookie report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOhzoyQcQvh3xcZB7pAUjYJKT%2BdS7BHB9F1YiF6BBp3eursra0lX6pCwGBlXBB8xtQhjR4T9eCMGr0UlfLTG1LskwW0sfGXNdT9A%2FPIF3%2FWKICYzvMteEuu%2F%2FltDexhvcTOHxDwRLKGt9jZ6QuX%2BL7c%3D"}],"group":"cf-nel","max_age":604800} content-type application/json access-control-allow-origin https://www.menlosecurity.com cf-ray 8b171c927fb52b6d-LAX content-length 17
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	132ms 132ms	Image image/gif	23.73.207.13 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=a15ea394-9e14-45fd-81aa-21f3fab9d1e0&session=8abebdc5-c3e5-4453-8dc0-d01466324e3b&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2011%20Aug%202024%2009%3A13%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2011%20Aug%202024%2009%3A13%3A45%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0e00bcf1-e876-4486-8cf8-48ae475fb43b&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2a04%3Ac604%3A615%3A1%3A%3A5&v=1.1.23 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.73.207.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-73-207-13.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:46 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Sun, 11 Aug 2024 09:13:46 GMT
GET H3	200	6536e67716d17e337c7f3e60_MenloSecurity_Favicon_32_32.png cdn.prod.website-files.com/6536e5317bf92f62050c3585/	746 B 1 KB	77ms 77ms	Other image/png	104.18.29.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6536e67716d17e337c7f3e60_MenloSecurity_Favicon_32_32.png Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.29.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 95094178b1d066267bdca95f971db0499c7df799743c27412fa4064bce385070 Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers date Sun, 11 Aug 2024 09:13:46 GMT x-amz-version-id wvEzMJDLf8TTPNwxnTd4hdnzk7CaV6Lt cf-cache-status HIT x-amz-request-id 7CPJSTD0KYPMTQ45 age 6191643 x-amz-server-side-encryption AES256 alt-svc h3=":443"; ma=86400 content-length 746 x-amz-id-2 4QuGWyGulhdIaeTM4F47L4IT8Ho4mvMnxNADIOe3AdqVCrMGNup523IFXhZhTrPCDSNaz/GQn4M= last-modified Mon, 23 Oct 2023 21:32:40 GMT server cloudflare etag "ac6cf83cc5ea7e9a33c4810bebf9ff90" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes cf-ray 8b171c93e9d2cb85-LAX
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	151ms 151ms	Image image/gif	23.73.207.13 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=a15ea394-9e14-45fd-81aa-21f3fab9d1e0&session=8abebdc5-c3e5-4453-8dc0-d01466324e3b&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2011%20Aug%202024%2009%3A13%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2011%20Aug%202024%2009%3A13%3A46%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0e00bcf1-e876-4486-8cf8-48ae475fb43b&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2a04%3Ac604%3A615%3A1%3A%3A5&v=1.1.23 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.73.207.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-73-207-13.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.menlosecurity.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Response headers pragma no-cache date Sun, 11 Aug 2024 09:13:47 GMT x-content-type-options nosniff last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Sun, 11 Aug 2024 09:13:47 GMT
GET		img.gif b.6sc.co/v1/beacon/	0 0
POST		collect analytics.google.com/g/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

b.6sc.co

URL

https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=a15ea394-9e14-45fd-81aa-21f3fab9d1e0&session=8abebdc5-c3e5-4453-8dc0-d01466324e3b&event=active_time_track&q=%7B%22currentTime%22%3A%22Sun%2C%2011%20Aug%202024%2009%3A13%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Sun%2C%2011%20Aug%202024%2009%3A13%3A47%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0e00bcf1-e876-4486-8cf8-48ae475fb43b&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2a04%3Ac604%3A615%3A1%3A%3A5&v=1.1.23

Domain

analytics.google.com

URL

https://analytics.google.com/g/collect?v=2&tid=G-C2G0PCSJKE&gtm=45je4880v868642232z8830118234za200zb830118234&_p=1723367622200&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=566258091.1723367623&ecid=366654389&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=2&sid=1723367623&sct=1&seg=0&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&dt=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&en=company_details_6si&_et=950&up.company_name_6si=(Non-company%20Visit)&up.company_country_6si=United%20States&up.company_is_6qa_6si=false&tfd=8345