cyble.com Open in urlscan Pro
192.0.78.152 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Submission: On December 13 via api (December 13th 2024, 6:40:49 am UTC) from IN — Scanned from IL

Summary HTTP 278 Redirects Links 74 Behaviour Indicators

Summary

This website contacted 70 IPs in 5 countries across 57 domains to perform 278 HTTP transactions. The main IP is 192.0.78.152, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is cyble.com.
TLS certificate: Issued by E6 on December 3rd 2024. Valid for: 3 months.

This is the only time cyble.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
81	192.0.78.152 192.0.78.152	2635 (AUTOMATTIC) (AUTOMATTIC)
10	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
7	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
7	142.250.181.232 142.250.181.232	15169 (GOOGLE) (GOOGLE)
2	172.67.2.155 172.67.2.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.67.138.101 172.67.138.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	104.17.246.203 104.17.246.203	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2.16.164.35 2.16.164.35	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
4	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
2	104.16.189.41 104.16.189.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.16.139.209 104.16.139.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.141.119 104.18.141.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
3	104.17.111.223 104.17.111.223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.245.86.120 18.245.86.120	16509 (AMAZON-02) (AMAZON-02)
1	172.64.154.248 172.64.154.248	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.107.133.146 34.107.133.146	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	142.250.184.238 142.250.184.238	15169 (GOOGLE) (GOOGLE)
3	142.250.184.228 142.250.184.228	15169 (GOOGLE) (GOOGLE)
2	23.32.238.219 23.32.238.219	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK)
2	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
2	13.107.246.45 13.107.246.45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	104.18.30.176 104.18.30.176	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.175.201 104.17.175.201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.147.16 172.64.147.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.140.17 104.18.140.17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.79.142 104.16.79.142	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.223.152 104.17.223.152	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.16.117.116 104.16.117.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
24	169.150.247.36 169.150.247.36	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
2	192.0.72.3 192.0.72.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	18.66.112.121 18.66.112.121	16509 (AMAZON-02) (AMAZON-02)
13 18	46.51.197.220 46.51.197.220	16509 (AMAZON-02) (AMAZON-02)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
1	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
2 5	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 3	172.64.146.215 172.64.146.215	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.18.3.9 104.18.3.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	54.194.225.127 54.194.225.127	16509 (AMAZON-02) (AMAZON-02)
1	35.214.136.108 35.214.136.108	19527 (GOOGLE-2) (GOOGLE-2)
1	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 3	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
2 2	216.58.206.66 216.58.206.66	15169 (GOOGLE) (GOOGLE)
1 2	104.18.26.193 104.18.26.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	35.244.174.68 35.244.174.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	107.178.254.65 107.178.254.65	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	64.202.112.127 64.202.112.127	23352 (SERVERCEN...) (SERVERCENTRAL)
1	198.47.127.205 198.47.127.205	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-A...) (TABOOLA-AS Taboola.com ltd)
1 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1 2	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
2	157.240.0.35 157.240.0.35	32934 (FACEBOOK) (FACEBOOK)
2	104.20.40.213 104.20.40.213	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.242.108 104.18.242.108	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.32.121.20 13.32.121.20	16509 (AMAZON-02) (AMAZON-02)
1	54.194.202.214 54.194.202.214	16509 (AMAZON-02) (AMAZON-02)
3	104.16.160.145 104.16.160.145	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.217.18.3 172.217.18.3	15169 (GOOGLE) (GOOGLE)
5	52.184.215.111 52.184.215.111	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.118.116 104.16.118.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	18.158.205.16 18.158.205.16	16509 (AMAZON-02) (AMAZON-02)
3	142.250.185.202 142.250.185.202	15169 (GOOGLE) (GOOGLE)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
9	142.250.181.227 142.250.181.227	15169 (GOOGLE) (GOOGLE)
278	70

81 192.0.78.152 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.181.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.2.155 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.apollo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.138.101 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.246.203 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.164.35 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a2-16-164-35.deploy.static.akamaitechnologies.com

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.189.41 (None, )

ASN13335 (CLOUDFLARENET, US)

www.g2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.16.139.209 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.141.119 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.111.223 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.86.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-120.fra60.r.cloudfront.net

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.154.248 (None, )

ASN13335 (CLOUDFLARENET, US)

nitroscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.107.133.146 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 146.133.107.34.bc.googleusercontent.com

aplo-evnt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.184.238 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.32.238.219 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-32-238-219.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.246.45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.30.176 (None, )

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.175.201 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.147.16 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.140.17 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.79.142 (None, )

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.223.152 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.117.116 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 169.150.247.36 (Frankfurt am Main, Germany)

ASN60068 (CDN77 Datacamp Limited, GB)
PTR: 169-150-247-36.bunnyinfra.net

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.72.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

videos.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-121.fra56.r.cloudfront.net

w.soundcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 46.51.197.220 (Dublin, Ireland) 13 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-46-51-197-220.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.107.42.14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.146.215 (San Francisco, United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.3.9 (None, )

ASN13335 (CLOUDFLARENET, US)

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
z.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.225.127 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-225-127.eu-west-1.compute.amazonaws.com

x.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.136.108 (Groningen, Netherlands)

ASN19527 (GOOGLE-2, US)
PTR: 108.136.214.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.77.79 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.33.220.150 (Seattle, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.206.66 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lhr35s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.26.193 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.254.65 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.127 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.205 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS Taboola.com ltd, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.171.21 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.0.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.20.40.213 (None, )

ASN13335 (CLOUDFLARENET, US)

app.apollo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.242.108 (None, )

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-20.fra60.r.cloudfront.net

tag.clearbitscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.202.214 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-202-214.eu-west-1.compute.amazonaws.com

x.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.16.160.145 (None, )

ASN13335 (CLOUDFLARENET, US)

onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.3 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f3.1e100.net

www.google.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.184.215.111 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

j.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.118.116 (None, )

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.158.205.16 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-205-16.eu-central-1.compute.amazonaws.com

x.clearbitjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.181.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
81	cyble.com cyble.com	594 KB
29	wp.com fonts-api.wp.com — Cisco Umbrella Rank: 19537 c0.wp.com — Cisco Umbrella Rank: 10660 i0.wp.com — Cisco Umbrella Rank: 4317 s0.wp.com — Cisco Umbrella Rank: 9378 stats.wp.com — Cisco Umbrella Rank: 3804 fonts.wp.com — Cisco Umbrella Rank: 20227 pixel.wp.com — Cisco Umbrella Rank: 3757	2 MB
28	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 6331 api.omappapi.com — Cisco Umbrella Rank: 6333 z.omappapi.com	193 KB
22	adroll.com 13 redirects s.adroll.com — Cisco Umbrella Rank: 3645 d.adroll.com — Cisco Umbrella Rank: 1673 x.adroll.com — Cisco Umbrella Rank: 3549	77 KB
9	gstatic.com fonts.gstatic.com	174 KB
9	linkedin.com 3 redirects platform.linkedin.com — Cisco Umbrella Rank: 3945 px.ads.linkedin.com — Cisco Umbrella Rank: 333 www.linkedin.com — Cisco Umbrella Rank: 676	167 KB
7	clarity.ms www.clarity.ms — Cisco Umbrella Rank: 625 j.clarity.ms — Cisco Umbrella Rank: 8397	31 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	21 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	760 KB
6	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 td.doubleclick.net — Cisco Umbrella Rank: 182 cm.g.doubleclick.net — Cisco Umbrella Rank: 284	6 KB
6	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 3653 api.hubspot.com — Cisco Umbrella Rank: 5268 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3677 app.hubspot.com — Cisco Umbrella Rank: 5921 forms.hubspot.com — Cisco Umbrella Rank: 6196	29 KB
6	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 5669 onesignal.com — Cisco Umbrella Rank: 1761 img.onesignal.com — Cisco Umbrella Rank: 10383	93 KB
6	unpkg.com 4 redirects unpkg.com — Cisco Umbrella Rank: 740	53 KB
5	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1634 syndication.twitter.com — Cisco Umbrella Rank: 2069	30 KB
4	apollo.io assets.apollo.io — Cisco Umbrella Rank: 29527 app.apollo.io — Cisco Umbrella Rank: 62469	291 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	3 KB
3	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 470	1 KB
3	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 8407	2 KB
3	google.com www.google.com — Cisco Umbrella Rank: 3	128 B
3	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2580	2 KB
2	clearbitjs.com x.clearbitjs.com — Cisco Umbrella Rank: 17923	45 KB
2	google.co.il www.google.co.il — Cisco Umbrella Rank: 35336	563 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	215 B
2	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 281	2 KB
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 429	982 B
2	openx.net 1 redirects us-u.openx.net — Cisco Umbrella Rank: 525	518 B
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 476	830 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 607	2 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 377	1 KB
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 2010 alb.reddit.com — Cisco Umbrella Rank: 1418	761 B
2	wordpress.com videos.files.wordpress.com — Cisco Umbrella Rank: 103924	3 MB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1095	13 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	75 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	20 KB
2	aplo-evnt.com aplo-evnt.com — Cisco Umbrella Rank: 30175
2	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6979	158 KB
2	g2.com www.g2.com — Cisco Umbrella Rank: 59326	23 KB
1	clearbit.com app.clearbit.com — Cisco Umbrella Rank: 18946	1 KB
1	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 3819	959 B
1	clearbitscripts.com tag.clearbitscripts.com — Cisco Umbrella Rank: 14785	5 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3690	990 B
1	taboola.com sync.taboola.com — Cisco Umbrella Rank: 1304	366 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 886	587 B
1	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 897	360 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 419	1 KB
1	pippio.com pippio.com — Cisco Umbrella Rank: 805	570 B
1	ml314.com ml314.com — Cisco Umbrella Rank: 1917	294 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 393	183 B
1	soundcloud.com w.soundcloud.com — Cisco Umbrella Rank: 27489
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3341	4 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5194	27 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5955	92 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2343	26 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2358	25 KB
1	nitroscripts.com nitroscripts.com — Cisco Umbrella Rank: 16495	756 B
1	unpkg.co 1 redirects unpkg.co — Cisco Umbrella Rank: 197273	802 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	28 KB
278	57

	Domain	Requested by
81	cyble.com	cyble.com
24	a.omappapi.com	cyble.com a.omappapi.com
18	d.adroll.com	13 redirects s.adroll.com cyble.com
10	i0.wp.com	cyble.com
9	fonts.gstatic.com	fonts.googleapis.com
7	fonts.wp.com	fonts-api.wp.com
7	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
7	www.googletagmanager.com	cyble.com www.googletagmanager.com js.hsadspixel.net
7	c0.wp.com	cyble.com
6	unpkg.com	4 redirects cyble.com
5	j.clarity.ms	www.clarity.ms
5	px.ads.linkedin.com	2 redirects snap.licdn.com cyble.com
4	platform.twitter.com	cyble.com platform.twitter.com
3	fonts.googleapis.com	a.omappapi.com
3	onesignal.com	cdn.onesignal.com
3	pixel.tapad.com	2 redirects cyble.com
3	api.omappapi.com	a.omappapi.com
3	www.linkedin.com	1 redirects platform.linkedin.com
3	tracking.g2crowd.com	cyble.com tracking.g2crowd.com
3	www.google.com	www.googletagmanager.com cyble.com
3	js.hs-scripts.com	cyble.com
2	x.clearbitjs.com	tag.clearbitscripts.com
2	www.google.co.il	cyble.com
2	api.hubspot.com	js.usemessages.com
2	app.apollo.io	assets.apollo.io
2	www.facebook.com	cyble.com
2	ib.adnxs.com	1 redirects cyble.com
2	eb2.3lift.com	1 redirects cyble.com
2	us-u.openx.net	1 redirects cyble.com
2	idsync.rlcdn.com	2 redirects
2	dsum-sec.casalemedia.com	1 redirects cyble.com
2	cm.g.doubleclick.net	2 redirects
2	match.adsrvr.org	2 redirects
2	x.adroll.com	s.adroll.com cyble.com
2	td.doubleclick.net	www.googletagmanager.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	videos.files.wordpress.com	cyble.com
2	www.clarity.ms	cyble.com www.clarity.ms
2	www.redditstatic.com	www.googletagmanager.com www.redditstatic.com
2	connect.facebook.net	www.googletagmanager.com connect.facebook.net
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	aplo-evnt.com	assets.apollo.io
2	s.adroll.com	cyble.com www.googletagmanager.com
2	cdn.onesignal.com	cyble.com cdn.onesignal.com
2	js.hsforms.net	cyble.com
2	www.g2.com	cyble.com
2	assets.apollo.io	cyble.com
2	fonts-api.wp.com	cyble.com
1	z.omappapi.com	a.omappapi.com
1	forms.hubspot.com	js.hsleadflows.net
1	app.clearbit.com	x.clearbitjs.com
1	syndication.twitter.com	cyble.com
1	img.onesignal.com	cyble.com
1	app.hubspot.com	js.usemessages.com
1	perf-na1.hsforms.com	cyble.com
1	tag.clearbitscripts.com	www.googletagmanager.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	api.hubapi.com	js.hsadspixel.net
1	sync.taboola.com	cyble.com
1	image2.pubmatic.com	cyble.com
1	sync.outbrain.com	cyble.com
1	pixel.rubiconproject.com	cyble.com
1	pippio.com	cyble.com
1	ml314.com	cyble.com
1	x.bidswitch.net	cyble.com
1	pixel.wp.com	cyble.com
1	alb.reddit.com	cyble.com
1	pixel-config.reddit.com	www.redditstatic.com
1	w.soundcloud.com	cyble.com
1	js.hubspot.com	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	nitroscripts.com	cyble.com
1	stats.wp.com	cyble.com
1	s0.wp.com	cyble.com
1	platform.linkedin.com	cyble.com
1	unpkg.co	1 redirects
1	cdnjs.cloudflare.com	cyble.com
278	81

This site contains links to these domains. Also see Links.

Domain
cyble.ai
www.cyble.com
amibreached.com
odin.io
getodin.com
thecyberexpress.com
partnernetwork.cyble.com
partnercentral.cyble.com
cert.gov.ua
www.g2.com
www.linkedin.com
soundcloud.com
trust.cyble.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
tls.automattic.com E6	`2024-12-03` - `2025-03-03`	3 months	crt.sh
wp.com E6	`2024-12-09` - `2025-03-09`	3 months	crt.sh
*.google-analytics.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
apollo.io E6	`2024-10-30` - `2025-01-28`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-03-29` - `2025-03-28`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-24` - `2025-07-25`	a year	crt.sh
www.g2.com WE1	`2024-10-18` - `2025-01-16`	3 months	crt.sh
hs-scripts.com WE1	`2024-11-24` - `2025-02-22`	3 months	crt.sh
hsforms.net WE1	`2024-12-07` - `2025-03-07`	3 months	crt.sh
*.onesignal.com WE1	`2024-10-31` - `2025-01-29`	3 months	crt.sh
s.adroll.com Amazon RSA 2048 M02	`2024-05-03` - `2025-06-01`	a year	crt.sh
nitroscripts.com WE1	`2024-10-25` - `2025-01-23`	3 months	crt.sh
aplo-evnt.com R10	`2024-11-05` - `2025-02-03`	3 months	crt.sh
*.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-02` - `2025-12-01`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-09-22` - `2024-12-21`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-06` - `2025-04-03`	6 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2024-09-04` - `2025-09-04`	a year	crt.sh
g2crowd.com WE1	`2024-10-19` - `2025-01-17`	3 months	crt.sh
hs-analytics.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
hs-banner.com WE1	`2024-11-22` - `2025-02-20`	3 months	crt.sh
hsleadflows.net WE1	`2024-11-27` - `2025-02-25`	3 months	crt.sh
usemessages.com WE1	`2024-12-04` - `2025-03-04`	3 months	crt.sh
hsadspixel.net WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
hubspot.com WE1	`2024-12-01` - `2025-03-01`	3 months	crt.sh
a.omappapi.com R10	`2024-11-05` - `2025-02-03`	3 months	crt.sh
*.files.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh
*.soundcloud.com GlobalSign GCC R3 DV TLS CA 2020	`2024-02-06` - `2025-03-09`	a year	crt.sh
d.adroll.com Amazon RSA 2048 M02	`2024-09-09` - `2025-10-09`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-10-13` - `2025-04-11`	6 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
omappapi.com WE1	`2024-12-11` - `2025-03-11`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.doubleclick.net WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.adroll.com Amazon RSA 2048 M03	`2024-10-19` - `2025-11-16`	a year	crt.sh
hubapi.com WE1	`2024-11-07` - `2025-02-05`	3 months	crt.sh
clearbitscripts.com Amazon RSA 2048 M03	`2024-05-11` - `2025-06-08`	a year	crt.sh
onesignal.com WE1	`2024-10-31` - `2025-01-29`	3 months	crt.sh
*.google.co.il WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
hsforms.com WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
clearbitjs.com Amazon RSA 2048 M02	`2024-02-15` - `2025-03-16`	a year	crt.sh
upload.video.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
syndication.twitter.com R10	`2024-12-09` - `2025-03-09`	3 months	crt.sh
*.gstatic.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
clearbit.com Amazon RSA 2048 M03	`2024-02-15` - `2025-03-16`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Frame ID: 1969D26A52C883E07786685238461B11
Requests: 264 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fcyble.com
Frame ID: C09BF0E3DF20DF8A4E3E5963C031A341
Requests: 1 HTTP requests in this frame

Frame: https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/1872505476&color=%23cc0000&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true
Frame ID: F4BC9BE990CA69741726962FA814EA19
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/10996750928?random=1734072018121&cv=11&fst=1734072018121&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je4cc0v9106873920z8868834701za201&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=1463438234.1734072017&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: EB245D4929F44A17FAE60F1167AD5CFD
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/10996750928?random=1734072018178&cv=11&fst=1734072018178&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4cc0v9106873920z8868834701za200&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=1463438234.1734072017&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 8635E350AA1C9B3EC2D60717C678B5CA
Requests: 1 HTTP requests in this frame

Frame: https://x.adroll.com/pxl/iframe_content.html?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU
Frame ID: EB7FC201FF96E104E138F266585091E9
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fcyble.com
Frame ID: A21F19DCBBD9ADD536BAAEE06909675A
Requests: 1 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/1eab554fde8843958f1c516b9d4d552d?uuid=2f67066be91e45ff962b8ed6e5789595&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=1eab554fde8843958f1c516b9d4d552d&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false&hideScrollToButton=true&isIOSMobile=false
Frame ID: 3DD70A00FE0AB10059F727BB7B3CB4BE
Requests: 1 HTTP requests in this frame

Frame: https://www.linkedin.com/pages-extensions/FollowCompany?id=14707748&counter=&xdOrigin=https%3A%2F%2Fcyble.com&xdChannel=c6cb812a-6e06-4646-8760-fe7f7f330b38&xd_origin_host=https%3A%2F%2Fcyble.com
Frame ID: 6C1ED8866DB168F3A440AA39074C7DD0
Requests: 1 HTTP requests in this frame

Frame: https://www.linkedin.com/pages-extensions/FollowCompany?id=14707748&counter=&xdOrigin=https%3A%2F%2Fcyble.com&xdChannel=c6cb812a-6e06-4646-8760-fe7f7f330b38&xd_origin_host=https%3A%2F%2Fcyble.com
Frame ID: 864BB29F3B7927C89E30C1CE900E224E
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: 81A601B9A32748DC9890B1D80B43C6A9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

UAC-0215 Phishing Campaign Targets Ukraine's Critical Sectors

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

278
Requests

91 %
HTTPS

0 %
IPv6

57
Domains

81
Subdomains

70
IPs

5
Countries

8184 kB
Transfer

15768 kB
Size

89
Cookies

74 Outgoing links

These are links going to different origins than the main page.

URL: https://cyble.ai/auth/login
Title: Login

Search URL Search Domain Scan URL

URL: https://www.cyble.com/products/cyble-vision
Title: Award-winning cyber threat intelligence platform, designed to provide enhanced security through real-time intelligence and threat detection.

Search URL Search Domain Scan URL

URL: https://amibreached.com/
Title: AmIBreached

Search URL Search Domain Scan URL

URL: https://odin.io/
Title: Odin by CybleNew

Search URL Search Domain Scan URL

URL: https://getodin.com/
Title: The most advanced internet-scanning tool in the industry for real-time threat detection and cybersecurity

Search URL Search Domain Scan URL

URL: https://thecyberexpress.com/
Title: The Cyber ExpressSubscribe

Search URL Search Domain Scan URL

URL: https://partnernetwork.cyble.com/
Title: Cyble Partner Network (CPN)Join Us

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/login
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/partner/registration
Title: Become a PartnerRegister

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22IT%20%26%20ITES%22%5D%7D
Title: IT & ITES |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Technology%22%5D%7D
Title: Technology |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Government%20%26%20LEA%22%5D%7D
Title: Government & LEA |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Healthcare%22%5D%7D
Title: Healthcare |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22BFSI%22%5D%7D
Title: BFSI

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22United%20States%22%5D%7D
Title: United States |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22Russian%20Federation%22%5D%7D
Title: Russian Federation |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22China%22%5D%7D
Title: China |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22United%20Kingdom%22%5D%7D
Title: United Kingdom |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22Germany%22%5D%7D
Title: Germany

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22North%20America%20%28NA%29%22%5D%7D
Title: North America (NA) |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Europe%20%26%20UK%22%5D%7D
Title: Europe & UK |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Asia%20%26%20Pacific%20%28APAC%29%22%5D%7D
Title: Asia & Pacific (APAC) |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Middle%20East%20%26%20Africa%20%28MEA%29%22%5D%7D
Title: Middle East & Africa (MEA) |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Australia%20and%20New%20Zealand%20%28ANZ%29%22%5D%7D
Title: Australia and New Zealand (ANZ)

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%22a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91%22%5D%7D
Title: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%227bdbd180c081fa63ca94f9c22c457376%22%5D%7D
Title: 7bdbd180c081fa63ca94f9c22c457376 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%22c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0%22%5D%7D
Title: c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%228c69830a50fb85d8a794fa46643493b2%22%5D%7D
Title: 8c69830a50fb85d8a794fa46643493b2 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%22bbcf7a68f4164a9f5f5cb2d9f30d9790%22%5D%7D
Title: bbcf7a68f4164a9f5f5cb2d9f30d9790

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2024-21887%22%5D%7D
Title: CVE-2024-21887 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2023-46805%22%5D%7D
Title: CVE-2023-46805 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2017-11882%22%5D%7D
Title: CVE-2017-11882 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2024-21893%22%5D%7D
Title: CVE-2024-21893 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2021-44228%22%5D%7D
Title: CVE-2021-44228

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1082%22%5D%7D
Title: T1082 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1140%22%5D%7D
Title: T1140 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1486%22%5D%7D
Title: T1486 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1083%22%5D%7D
Title: T1083 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1105%22%5D%7D
Title: T1105

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA505%22%5D%7D
Title: TA505 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0011%22%5D%7D
Title: TA0011 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0002%22%5D%7D
Title: TA0002 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0001%22%5D%7D
Title: TA0001 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA453%22%5D%7D
Title: TA453

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22security%22%5D%7D
Title: security |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22the-cyber-express%22%5D%7D
Title: the-cyber-express |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22firewall-daily%22%5D%7D
Title: firewall-daily |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22the-cyber-express-news%22%5D%7D
Title: the-cyber-express-news |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22malware%22%5D%7D
Title: malware

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Lockbit%22%5D%7D
Title: Lockbit |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Blackcat%22%5D%7D
Title: Blackcat |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Lazarus%22%5D%7D
Title: Lazarus |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22VoltTyphoon%22%5D%7D
Title: VoltTyphoon |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Kimsuky%22%5D%7D
Title: Kimsuky

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22CobaltStrike%22%5D%7D
Title: CobaltStrike |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Qakbot%22%5D%7D
Title: Qakbot |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Xmrig%22%5D%7D
Title: Xmrig |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Lockbit%22%5D%7D
Title: Lockbit |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Icedid%22%5D%7D
Title: Icedid

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22Darkreading%22%5D%7D
Title: Darkreading |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22The%20Cyber%20Express%22%5D%7D
Title: The Cyber Express |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22Bleepingcomputer%22%5D%7D
Title: Bleepingcomputer |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22The%20Hacker%20News%22%5D%7D
Title: The Hacker News |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22Infosecurity%20Magazine%22%5D%7D
Title: Infosecurity Magazine

Search URL Search Domain Scan URL

URL: https://cert.gov.ua/article/6281076
Title: CERT-UA

Search URL Search Domain Scan URL

URL: https://www.g2.com/products/cyble/take_survey?utm_source=review-widget

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyble-global

Search URL Search Domain Scan URL

URL: https://soundcloud.com/cybercrimemagazine
Title: Cybercrime Magazine

Search URL Search Domain Scan URL

URL: https://soundcloud.com/cybercrimemagazine/ai-cybersecurity-microsoft-recall-beyond-beenu-arora-cyble
Title: AI's Impact On Cybersecurity. Microsoft Recall & Beyond. Beenu Arora, Co-Founder & CEO, Cyble.

Search URL Search Domain Scan URL

URL: https://trust.cyble.com/
Title: Cyble Trust Portal

Search URL Search Domain Scan URL

URL: https://www.cyble.com/
Title: Threat Intelligence Platform

Search URL Search Domain Scan URL

URL: https://twitter.com/cybleglobal
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyble-global/
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@cybleglobal
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62

https://unpkg.co/gsap@3/dist/gsap.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E HTTP 302
https://unpkg.com/gsap@3/dist/gsap.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E HTTP 302
https://unpkg.com/gsap@3/dist/gsap.min.js HTTP 302
https://unpkg.com/gsap@3.12.5/dist/gsap.min.js

Request Chain 63

https://unpkg.com/gsap@3/dist/Draggable.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E HTTP 302
https://unpkg.com/gsap@3/dist/Draggable.min.js HTTP 302
https://unpkg.com/gsap@3.12.5/dist/Draggable.min.js

Request Chain 166

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1734072018341&li_adsId=fb4dfa55-7905-4dce-8b3f-cb2c3b9d8299&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1734072018341&li_adsId=fb4dfa55-7905-4dce-8b3f-cb2c3b9d8299&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D5254356%26time%3D1734072018341%26li_adsId%3Dfb4dfa55-7905-4dce-8b3f-cb2c3b9d8299%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Fphishing-campaign-targeting-ukraine-uac-0215%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1734072018341&li_adsId=fb4dfa55-7905-4dce-8b3f-cb2c3b9d8299&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&tm=gtmv2&cookiesTest=true&liSync=true

Request Chain 178

https://d.adroll.com/cm/b/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY

Request Chain 179

https://d.adroll.com/cm/bombora/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://ml314.com/utsync.ashx?et=0&eid=92980&fp=c6f30eee545a87737d8d9e5e1aa8cc66

Request Chain 180

https://d.adroll.com/cm/experian/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3521&partner_device_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3521&partner_device_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=df08d7ed-2541-43e4-b0f3-3331ca39c69b%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=df08d7ed-2541-43e4-b0f3-3331ca39c69b%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=9715676a-b52b-4830-a7b6-37aec943a0ec&ttd_puid=df08d7ed-2541-43e4-b0f3-3331ca39c69b%2C%2C

Request Chain 181

https://d.adroll.com/cm/g/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=xvMO7lRah3N9jZ5eGqjMZg HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=xvMO7lRah3N9jZ5eGqjMZg&google_tc= HTTP 302
https://d.adroll.com/cm/g/in

Request Chain 182

https://d.adroll.com/cm/index/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&expiration=1765608018 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&expiration=1765608018&C=1

Request Chain 183

https://d.adroll.com/cm/l/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=c6f30eee545a87737d8d9e5e1aa8cc66 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CMiIFxIrCicIARDqIhogYzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjYQABoNCNOt77oGEgUI6AcQAEIASgA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=35b9964fd9d379e6cdb6364be3c2a073605b73b05cda7c6cd07b4a4bf353b221791426b5417dce21&_=2

Request Chain 184

https://d.adroll.com/cm/n/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&expires=365

Request Chain 185

https://d.adroll.com/cm/o/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=c6f30eee545a87737d8d9e5e1aa8cc66&gdpr=0&gdpr_consent= HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=c6f30eee545a87737d8d9e5e1aa8cc66&gdpr=0&gdpr_consent=&cc=1

Request Chain 186

https://d.adroll.com/cm/outbrain/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&gdpr=0&gdpr_consent=&us_privacy=1---

Request Chain 187

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 188

https://d.adroll.com/cm/taboola/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY

Request Chain 189

https://d.adroll.com/cm/triplelift/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=

Request Chain 190

https://d.adroll.com/cm/x/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY

278 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/ 469 KB
66 KB 4660ms
4425ms Document
text/html 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f47902a07709d50785bc53f35008816ad6bd598fbae9c5caaf24c7787d6c1c32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-edge-cache: cache,platform=wordpress
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 13 Dec 2024 06:40:16 GMT
host-header: WordPress.com
link: <https://cyble.com/wp-json/>; rel="https://api.w.org/" <https://cyble.com/wp-json/wp/v2/posts/69814>; rel="alternate"; title="JSON"; type="application/json" <https://wp.me/pf01Lu-ia2>; rel=shortlink
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding accept, content-type, cookie
x-ac: 3.lhr _atomic_ams MISS
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-hacker: Want root? Visit join.a8c.com and mention this header.
x-nananana: Batcache-Set
x-nitro-cache: MISS
x-nitro-disabled: 1
x-nitro-disabled-reason: url not allowed
x-xss-protection: 1; mode=block

GET
H2 200 related-posts.css
cyble.com/wp-content/plugins/jetpack/modules/related-posts/ 7 KB
2 KB 117ms
116ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/modules/related-posts/related-posts.css?ver=20240116

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d3464756d074e73852d37e33c5113f5091731620ec0429917a74f1d6a80d02d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"65aebbb8-1d94"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Mon, 22 Jan 2024 19:02:16 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 style.css
cyble.com/wp-content/plugins/gutenberg/build/block-library/ 113 KB
15 KB 116ms
116ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/block-library/style.css?ver=19.7.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

116f7f1694a68142058c98492da5867364419dc5eb682c8c12a14b70a9377ba0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67478eee-1c3ab"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Wed, 27 Nov 2024 21:28:14 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 frontend.min.css
cyble.com/wp-content/themes/astra/assets/css/minified/ 48 KB
10 KB 116ms
116ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c8b34d1dc6fe4a35430145b91b748edc088120ef291c09a9dea9e62f87ce3af0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67460f42-befd"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Tue, 26 Nov 2024 18:11:14 GMT
server: nginx
vary: Accept-Encoding

GET 21f179a5-0803-43d4-96cb-f022008d0925
https://cyble.com/ Frame 0
0

GET
H2 200 css
fonts-api.wp.com/ 5 KB
1 KB 394ms
160ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

80b0a5f7cd77876b8cba22b64a51004354570213a17e39942a8fc0cff220823a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding, Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding
last-modified: Fri, 13 Dec 2024 06:40:16 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-nc: BYPASS lhr 2
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: nginx

GET
H2 200 frontend.css
cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/ 78 KB
9 KB 129ms
127ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=2.0.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

af9a996c2c81dfd42f250744c203f1c5cea19f97d95529eace340098a6f43eb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"674f38b7-136cb"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Tue, 03 Dec 2024 16:58:31 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 style.css
cyble.com/wp-content/plugins/layout-grid/ 58 KB
3 KB 130ms
129ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/layout-grid/style.css?ver=1643201242

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4ff079893cbfe8eebd0d49b7c8bcbeba131173b3e0da0e13210ad611869e0e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"61f142da-e64d"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Wed, 26 Jan 2022 12:47:22 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/6.7.1/wp-includes/js/mediaelement/ 11 KB
3 KB 335ms
109ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT hhn 1
access-control-allow-methods: GET, HEAD
expires: Sat, 13 Dec 2025 06:40:16 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Tue, 29 Sep 2020 15:53:06 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/6.7.1/wp-includes/js/mediaelement/ 4 KB
1 KB 335ms
109ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT hhn 1
access-control-allow-methods: GET, HEAD
expires: Sat, 13 Dec 2025 06:40:16 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: text/css
vary: Accept-Encoding
server: nginx
last-modified: Fri, 07 Jun 2019 20:45:02 GMT

GET
H2 200 front.min.css
cyble.com/wp-content/plugins/cookie-notice/css/ 5 KB
1 KB 129ms
129ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=2.5.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

029dedf319bc4536d9c663ae9c0b10c95d1e9f5dd1de0aa73172e9e89ae254cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67476ed1-13c8"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Wed, 27 Nov 2024 19:11:13 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 header-footer-elementor.css
cyble.com/wp-content/plugins/header-footer-elementor/assets/css/ 776 B
608 B 116ms
114ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=2.0.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"674f38b6-308"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Tue, 03 Dec 2024 16:58:30 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 frontend.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 59 KB
8 KB 117ms
114ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

07b3080947ec91669e4217cf8f173b8ed033fe5acf7e38cdac5626181c68bdba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa57-ec9f"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 swiper.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/swiper/v8/css/ 16 KB
5 KB 117ms
114ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/swiper/v8/css/swiper.min.css?ver=8.4.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c57e64fcb72bddafa9c38de574441c3e69ac6c961df96b0cad34da83658bd196

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-4057"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 e-swiper.min.css
cyble.com/wp-content/plugins/elementor/assets/css/conditionals/ 10 KB
1 KB 117ms
115ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/conditionals/e-swiper.min.css?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9bc52b3c4e9973d64baa482f332ed895f80d0cd2be37e6a49bf1a2e831eb5ac9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa57-2814"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 post-5708.css
cyble.com/wp-content/uploads/elementor/css/ 1 KB
719 B 152ms
150ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-5708.css?ver=1734065689

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8149b77a96ece76089f6f3203e8931c73b63d1fe943566f42ab6aaf103167fb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675bbe19-4bd"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Fri, 13 Dec 2024 04:54:49 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 popup.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/conditionals/ 995 B
699 B 152ms
150ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/conditionals/popup.min.css?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3e86e49c78cd2befb9c7e7b27ee263298290728f7489b17077f00c25e37a5838

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa5f-3e3"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 uael-frontend.min.css
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/ 661 KB
72 KB 152ms
150ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/uael-frontend.min.css?ver=1.37.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d878ebabb3e2781a67e68dd513954290a73031c5f08dd17fd4b83f3666ac4ac7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"674aac7f-a54b8"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Sat, 30 Nov 2024 06:11:11 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-social-icons.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 5 KB
1 KB 152ms
151ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-social-icons.min.css?ver=3.24.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0cd088147551ecae9b1e29c2ac532c56bb99132973e1310f4911d7fa31997a12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8af-130b"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 brands.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 732 B
647 B 152ms
151ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.css?ver=5.15.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5009a34e30063ffb89185274681b359ae8c7dac19a606d5b1456ee3524cbc9b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-2dc"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 fontawesome.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 70 KB
13 KB 153ms
151ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.css?ver=5.15.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d417b6ed49cb6ae3dfe2b0bab5d865472052cd0286a9478c74cbb09a02a56d0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-119f8"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 solid.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 727 B
650 B 154ms
153ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.css?ver=5.15.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

93cf6e96459e42f9f656e03ec4800578dc2c021dcde475c9e5e891a7780b0866

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b0-2d7"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 post-9211.css
cyble.com/wp-content/uploads/elementor/css/ 23 KB
3 KB 154ms
153ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-9211.css?ver=1734065689

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

085f1c63aab752f05fb97467a71718350db0c975cef72e035fac1077ea68abbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675bbe19-5a64"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Fri, 13 Dec 2024 04:54:49 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 subscription-modal.css
cyble.com/wp-content/plugins/jetpack/modules/comments/subscription-modal-on-comment/ 2 KB
864 B 153ms
152ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/modules/comments/subscription-modal-on-comment/subscription-modal.css?ver=14.2-a.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4191046282188511e39192189081ce8d7e1788b15e33e3f567c35bfafe70ae0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"65aebbb8-632"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Mon, 22 Jan 2024 19:02:16 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 style.css
cyble.com/wp-content/plugins/jetpack/modules/likes/ 5 KB
2 KB 153ms
152ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/modules/likes/style.css?ver=14.2-a.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

fa8d2aa34c3125a0fce865a24d0f39bd388269f4ee2c41786dc6c400a023dbb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6601c4f6-1509"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Mon, 25 Mar 2024 18:39:50 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 astra-addon-6748b26df282a9-42838972.css
cyble.com/wp-content/uploads/astra-addon/ 50 KB
7 KB 153ms
152ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/astra-addon/astra-addon-6748b26df282a9-42838972.css?ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

dfb10d80519eef92b73d18d564188be9de6b6c95c63ecfda24285082cf0e110c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6748b26d-c75d"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 28 Nov 2024 18:11:57 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 post-19102.css
cyble.com/wp-content/uploads/elementor/css/ 30 KB
4 KB 140ms
134ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-19102.css?ver=1734065690

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

43f40a0cc41c14ddc22a05003bef95344b8543a6a08419a9fdf060e21b829f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675bbe1a-7982"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Fri, 13 Dec 2024 04:54:50 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-heading.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 600 B
494 B 165ms
159ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-heading.min.css?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

eb44a6c9baae15c389f2ecec670fe71f14475cf243cc72b07f9651a69cbbfcc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa57-258"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-image.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 254 B
570 B 164ms
158ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-image.min.css?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d018c3b7866a6fda120b5799d43d38125cd34c7948a9b8d21366f509e65225bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
etag: "675aaa57-fe"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 254
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx

GET
H2 200 widget-post-info.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 560 B
514 B 164ms
159ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-post-info.min.css?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

07d83ac2f03fbf47783b4f206e6a69f2b243478a826f798b76c761f051d82c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa5f-230"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-icon-list.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 10 KB
1 KB 164ms
159ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

acf2cf05e7750864206310e6dfb30e54d583894e598f432cb6b46baf944eec7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa57-26c9"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 bounceIn.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/animations/styles/ 367 B
683 B 165ms
160ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/animations/styles/bounceIn.min.css?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

02ae6101096a037cafe3c0bb64a0cb7faf1d617bf6afe35b3405f02f03096b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
etag: "675aaa57-16f"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 367
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx

GET
H2 200 fadeIn.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/animations/styles/ 77 B
392 B 165ms
160ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/animations/styles/fadeIn.min.css?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d9c370831c74b1850d70f5b1c99453d6cda21e5099428a3f21c43bd96c3acb5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
etag: "675aaa57-4d"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 77
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx

GET
H2 200 widget-call-to-action.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 11 KB
2 KB 165ms
160ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-call-to-action.min.css?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2991f7f34eb201072e46bb4fbcdf5b2e431e224d94323e87e8bef2061f916d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa5f-2d28"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 transitions.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/conditionals/ 7 KB
993 B 165ms
160ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/conditionals/transitions.min.css?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

63bc9667d37a904feb7751646abe3e677541f4de361aab8038776a3f27c988f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa5f-1c58"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-image-box.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 1 KB
661 B 165ms
161ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-image-box.min.css?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4b455f1f5679023a814b016d6c2477ec8b340f601faae1d6da6beb113e607d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa57-581"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-share-buttons.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 32 KB
3 KB 165ms
161ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-share-buttons.min.css?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

59392172c6f1cf8ea759444b9ae36b146f598177954db71f7ede977a16c05d7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa5f-7f52"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 apple-webkit.min.css
cyble.com/wp-content/plugins/elementor/assets/css/conditionals/ 7 KB
911 B 165ms
161ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/conditionals/apple-webkit.min.css?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3913695714c66c8475f8a3e3af033ad1772cab8f14d028fbc84012d8f9fb7472

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa57-1b71"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-post-navigation.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 2 KB
848 B 165ms
161ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-post-navigation.min.css?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

855e3a5b5cb2a84ca1035c027897c394e4bddae973ad0afbdf5e88aed4f6c049

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa5f-945"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-posts.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 14 KB
3 KB 165ms
162ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-posts.min.css?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

354a9ee56973d6aa01d66da9905724c3432837ae821ecad80434049cb6b15185

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa5f-3858"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 post-29249.css
cyble.com/wp-content/uploads/elementor/css/ 21 KB
3 KB 269ms
265ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-29249.css?ver=1734065690

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5aa829951ee5d3932eb7689133dc79f5e8156cde680637cb6f87cc6c33a46d5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675bbe1a-53d4"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams MISS
content-type: text/css
last-modified: Fri, 13 Dec 2024 04:54:50 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 post-59717.css
cyble.com/wp-content/uploads/elementor/css/ 2 KB
861 B 165ms
162ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-59717.css?ver=1734065690

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f7daf92d34ab4b3159b92726a0d12c15ea1dac04811e2536192854ca24271201

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675bbe1a-660"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Fri, 13 Dec 2024 04:54:50 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 post-55787.css
cyble.com/wp-content/uploads/elementor/css/ 1 KB
795 B 165ms
162ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-55787.css?ver=1734065690

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0eb0fd9517c69d0c495a9ae4dde49828daf40cb663580cbfb8065ca72e9d01fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675bbe1a-5fc"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Fri, 13 Dec 2024 04:54:50 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 public.css
cyble.com/wp-content/plugins/recent-posts-widget-with-thumbnails/ 1 KB
789 B 167ms
164ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/recent-posts-widget-with-thumbnails/public.css?ver=7.1.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

841877ad87c6b92f15ea82ac53484bd2f5a1504d3cea91e30e631f874dc3f19e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"66ba14b1-43b"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Mon, 12 Aug 2024 13:57:05 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-icon-list.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 10 KB
1 KB 166ms
163ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css?ver=3.24.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

89bb54e03aff26116dd642771d281a558e3bab02d9233ec66e9bac269b6780c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8af-26c9"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:57:51 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 widget-blockquote.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 5 KB
1 KB 166ms
163ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-blockquote.min.css?ver=3.25.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e075a50ed4fe42b9a1e7c1d52a00c71d205a55fa7278b07648078fd7cd7fd5ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8b8-1469"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: text/css
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 css
fonts-api.wp.com/ 128 KB
5 KB 338ms
145ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.7.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

995ba4041c9436244e4dd82e9e6aa2aed22204ab279dfd4f31d0325c5fa10b25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding, Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding
last-modified: Fri, 13 Dec 2024 06:40:16 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-nc: BYPASS lhr 2
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: nginx

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/jquery/ 86 KB
31 KB 297ms
111ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/jquery/jquery.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT hhn 1
access-control-allow-methods: GET, HEAD
expires: Sat, 13 Dec 2025 06:40:16 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Mon, 28 Aug 2023 17:14:23 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/jquery/ 13 KB
5 KB 295ms
109ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT hhn 1
access-control-allow-methods: GET, HEAD
expires: Sat, 13 Dec 2025 06:40:16 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Fri, 09 Jun 2023 05:49:24 GMT

GET
H2 200 related-posts.min.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/ 6 KB
2 KB 165ms
163ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20240116

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6490a98c-1661"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: application/javascript
last-modified: Mon, 19 Jun 2023 19:16:28 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 front.min.js Show response
cyble.com/wp-content/plugins/cookie-notice/js/ 8 KB
2 KB 165ms
164ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.5.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67476ed1-21fc"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: application/javascript
last-modified: Wed, 27 Nov 2024 19:11:13 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 456 KB
145 KB 395ms
132ms Script
application/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

aea4ed531e389795d8b3a4c2372c7fe9c0ce96225615e791100cd5d7c4837aaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 13 Dec 2024 06:40:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 148101
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 meetings-widget.js Show response
assets.apollo.io/js/meetings/ 1 MB
288 KB 318ms
159ms Script
application/javascript 172.67.2.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.apollo.io/js/meetings/meetings-widget.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.2.155 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf373e2200800bb58f0d08066deec54c76281b8990ef41adb7363518ece0dea1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *
content-encoding: gzip
x-goog-hash: crc32c=weCzwA==, md5=800xcy6EM/sP2lacNiUUkQ==
etag: "f34d31732e8433fb0fda569c36251491"
cf-cache-status: HIT
x-goog-stored-content-encoding: gzip
expires: Sat, 13 Dec 2025 06:22:01 GMT
x-goog-stored-content-length: 294035
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: application/javascript
last-modified: Fri, 13 Dec 2024 05:42:08 GMT
vary: Accept-Encoding
x-guploader-uploadid: AFiumC4CqHOJGyV5up5No0W3qyGDQpBFmRY0kSau4_WQY1M0YsbEELI5uzNFz66ybgB8vWlkMEnkSOjexA
cache-control: public, max-age=31534905
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 8f13f6392c80c22e-TLV
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1734068528348149
content-length: 294035
server: cloudflare

GET
H2 200 /
cyble.com/ 13 KB
4 KB 1159ms
1158ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/?custom-css=a62b733676

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c26aaa5b7a820c774786f40b28be241ddb4257312745121c33b7428699501002

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-ac: 3.lhr _atomic_ams MISS
strict-transport-security: max-age=31536000
cf-edge-cache: cache,platform=wordpress
cache-control: no-cache
content-encoding: br
expires: Sat, 13 Dec 2025 06:40:17 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:17 GMT
host-header: WordPress.com
content-type: text/css;charset=utf-8
vary: Accept-Encoding, accept, content-type, cookie
server: nginx
x-hacker: Want root? Visit join.a8c.com and mention this header.

GET
H2 200 cropped-Cyble-Threat-Intelligence.png
i0.wp.com/cyble.com/wp-content/uploads/2024/01/ 2 KB
2 KB 386ms
124ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png?resize=150%2C50&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

9d02f1a51000b5df3329a443ce51f1e8e5052e4d9acf2dde92af8907c0f32860

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "9139dbe209fb33fd"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Thu, 12 Nov 2026 23:53:09 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: image/webp
last-modified: Tue, 12 Nov 2024 11:53:09 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT lhr 7
access-control-allow-origin: *
content-length: 2048
server: nginx

GET
H2 200 Cyble-Black-Logo-1-2127859258-1637602085949.png
cyble.com/wp-content/uploads/2021/11/ 57 KB
58 KB 158ms
157ms Image
image/png 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2021/11/Cyble-Black-Logo-1-2127859258-1637602085949.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7d12aff8ee5cdb12ff8c234e4ff7168c52d8d7522be165b9c1fc9698f15b2123

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "619bd325-e5ac"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 07:17:08 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 58796
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: image/png
last-modified: Mon, 22 Nov 2021 17:28:05 GMT
server: nginx

GET
H2 200 hawk.png
cyble.com/wp-content/uploads/2024/01/ 4 KB
5 KB 157ms
157ms Image
image/png 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/01/hawk.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d3e5d32e12dd4b8462cc89b6ea7b148b63a9f7a80b5879257df116c030c9c10c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "65ae78a5-11a0"
access-control-allow-methods: GET, HEAD
expires: Thu, 27 Nov 2025 07:17:07 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 4512
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 3.lhr _atomic_ams HIT
content-type: image/png
last-modified: Mon, 22 Jan 2024 14:16:05 GMT
server: nginx

GET
H3 200 favicon-32x32-1.png
cyble.com/wp-content/uploads/2024/05/ 1 KB
2 KB 110ms
109ms Image
image/png 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/05/favicon-32x32-1.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

444ddf787deff39d7f0971825470863a3086ad0a5050c3e62eeb43f054840a4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "664efb6a-5a2"
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 18:58:47 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 1442
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: image/png
last-modified: Thu, 23 May 2024 08:16:42 GMT
server: nginx

GET
H3 200 favicon-2-1.webp
cyble.com/wp-content/uploads/2024/09/ 862 B
1 KB 111ms
111ms Image
image/webp 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/09/favicon-2-1.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4603778746bf8372d75ec7350fe3a07572fc909aaee89fc89595fc93c82699f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "66f1503e-35e"
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 18:58:48 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 862
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: image/webp
last-modified: Mon, 23 Sep 2024 11:25:50 GMT
server: nginx

GET
H3 200 CyberExpress-logo-icon-2024.png
cyble.com/wp-content/uploads/2024/07/ 13 KB
13 KB 111ms
110ms Image
image/png 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/07/CyberExpress-logo-icon-2024.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cb12197731dc09800fdafd6a73fb48db5b8d62169139184d0b6fc729192fee50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "6699efa8-337a"
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 18:58:48 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 13178
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: image/png
last-modified: Fri, 19 Jul 2024 04:46:32 GMT
server: nginx

GET
H3 200 products-img-copy.webp
cyble.com/wp-content/uploads/2024/05/ 116 KB
116 KB 135ms
128ms Image
image/webp 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/05/products-img-copy.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bac4ad58a5fd50a805c9b5fb87e844c16c61ea654bf12a8067fef84062ad7d31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "664f150e-1cf8c"
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 18:59:02 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 118668
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: image/webp
last-modified: Thu, 23 May 2024 10:06:06 GMT
server: nginx

GET
H3 200 web-image-04-2.webp
cyble.com/wp-content/uploads/2024/11/ 32 KB
33 KB 228ms
222ms Image
image/webp 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/11/web-image-04-2.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0d5b75c856840e6416a09983363ebc6fccf18c130675a5034ff8094e9bdbb0da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "6749ac56-80ec"
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 18:59:02 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 33004
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: image/webp
last-modified: Fri, 29 Nov 2024 11:58:14 GMT
server: nginx

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 142ms
73ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "603e8adc-15d9d"
age: 133440
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EBQTiW0EqKn6YDB%2BeDgU5q5max3tHqL%2FtO4YeJMBpsiL2tsLyx1Y28XM3EpFO1hZOBP5EFJLvzdxHR2Myna8eE5OezW5x92TlEeHv%2FyiG4tZPz6ei98ArqqML78xZAZhuKmYPM9q"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Wed, 03 Dec 2025 06:40:16 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f13f637f934c21d-TLV
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27938
server: cloudflare

GET
H2

200

gsap.min.js Show response
unpkg.com/gsap@3.12.5/dist/
Redirect Chain

https://unpkg.co/gsap@3/dist/gsap.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E
https://unpkg.com/gsap@3/dist/gsap.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E
https://unpkg.com/gsap@3/dist/gsap.min.js
https://unpkg.com/gsap@3.12.5/dist/gsap.min.js

71 KB
34 KB

82ms
80ms

Script
application/javascript

104.17.246.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/gsap@3.12.5/dist/gsap.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Server

104.17.246.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28033e449a31ebcc396e5be8b13b63152bf03094288fb5867034321927bce087

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: "11a16-LSb0wGBJGsmA0JymhziNNhAlbrc"
age: 2352178
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01JCS8QFKW5DE9XYS9FEG5473P-cdg
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000
via: 1.1 fly.io
cf-ray: 8f13f63b7eb6c22e-TLV
access-control-allow-origin: *
server: cloudflare

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, s-maxage=600, max-age=60
location: /gsap@3.12.5/dist/gsap.min.js
content-encoding: br
cf-cache-status: HIT
age: 19
x-content-type-options: nosniff
via: 1.1 fly.io
cf-ray: 8f13f63aee36c22e-TLV
access-control-allow-origin: *
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: text/plain; charset=utf-8
vary: Accept, Accept-Encoding
fly-request-id: 01JEZBXNPBFYMCEH29QG3FXX5Y-cdg
server: cloudflare

GET
H2

200

Draggable.min.js Show response
unpkg.com/gsap@3.12.5/dist/
Redirect Chain

https://unpkg.com/gsap@3/dist/Draggable.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E
https://unpkg.com/gsap@3/dist/Draggable.min.js
https://unpkg.com/gsap@3.12.5/dist/Draggable.min.js

35 KB
17 KB

85ms
79ms

Script
application/javascript

104.17.246.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/gsap@3.12.5/dist/Draggable.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Server

104.17.246.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7851a6e073db7e856a91241c222624ca463042b17666cff2772b5e4ac64436a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: "8a94-HTZjIxm5OZUF37t9NM8RcD3q8Uo"
age: 2330618
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01JCSX9DVGA3M9QK87DC0GC998-cdg
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000
via: 1.1 fly.io
cf-ray: 8f13f63b1e4ec22e-TLV
access-control-allow-origin: *
server: cloudflare

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, s-maxage=600, max-age=60
location: /gsap@3.12.5/dist/Draggable.min.js
content-encoding: br
cf-cache-status: EXPIRED
x-content-type-options: nosniff
via: 1.1 fly.io
cf-ray: 8f13f63a1d77c22e-TLV
access-control-allow-origin: *
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: text/plain; charset=utf-8
vary: Accept, Accept-Encoding
fly-request-id: 01JEZBY83KCPDWHHF33DV6X7A3-cdg
server: cloudflare

GET
H2 200 Cyble-Blogs-UAC-0215-Phishing.jpg
i0.wp.com/cyble.com/wp-content/uploads/2024/10/ 21 KB
21 KB 374ms
125ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/10/Cyble-Blogs-UAC-0215-Phishing.jpg?w=800&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

488c61b1e9b0b33d58f29ea36304b03b688b2107afebe80a78e2053c81244adc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "7533bf7898f6434e"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Thu, 26 Nov 2026 01:30:37 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: image/webp
last-modified: Mon, 25 Nov 2024 13:30:37 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/10/Cyble-Blogs-UAC-0215-Phishing.jpg>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT lhr 6
access-control-allow-origin: *
content-length: 21142
server: nginx

GET
H2 200 Banner-1200-x-90.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/08/ 36 KB
36 KB 122ms
121ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/08/Banner-1200-x-90.webp?w=1200&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

67949cf81b1031891a9ce94e48a4d7f2eb8bf47f945f0eb8b6dadaa1b00d4ca9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "2e0994b6edafc133"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Fri, 27 Nov 2026 02:29:47 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: image/webp
last-modified: Tue, 26 Nov 2024 14:29:47 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/08/Banner-1200-x-90.webp>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT lhr 7
access-control-allow-origin: *
content-length: 36514
server: nginx

GET
H2 200 in.js Show response
platform.linkedin.com/ 511 KB
160 KB 444ms
119ms Script
text/javascript 2.16.164.35
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.164.35 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a2-16-164-35.deploy.static.akamaitechnologies.com

Software

Play /

Resource Hash

411845113d9d280c3d67c5d304dae27ab10541415b35d098fe832d4bf9659420

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-li-pop: prod-lva1-x
cache-control: public, max-age=3600
content-encoding: gzip
x-cdn: AKAM
x-li-fabric: prod-lva1
x-content-type-options: nosniff
expires: Fri, 13 Dec 2024 07:01:04 GMT
x-li-uuid: AAYpII5bEr0e8byIMagWTQ==
x-li-proto: http/1.1
content-length: 163882
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
server: Play
x-cdn-client-ip-version: IPV4

GET
H2 200 widgets.js Show response
platform.twitter.com/ 91 KB
27 KB 369ms
113ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
access-control-allow-methods: GET
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date: Fri, 13 Dec 2024 06:40:17 GMT
last-modified: Mon, 11 Dec 2023 17:20:28 GMT
vary: Accept-Encoding
x-served-by: cache-iad-kcgs7200137-IAD, cache-fra-etou8220142-FRA
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=1800
tw-cdn: FT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27597
x-amz-server-side-encryption: AES256

GET
H2 200 stars
www.g2.com/products/cyble/widgets/ 19 KB
21 KB 535ms
383ms Image
image/png 104.16.189.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.g2.com/products/cyble/widgets/stars?color=white&type=reviews

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.189.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

335232b6561e0fbf8142961ab04844d975fb1f4ba7ea1e0535557897da8ce364

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src * 'self' .g2crowd.com .g2.com; frame-src * 'self' .g2crowd.com .g2.com; font-src * data: 'self' .g2crowd.com .g2.com; form-action * 'self' .g2crowd.com .g2.com; img-src * data: blob: 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src * blob: 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' .g2crowd.com .g2.com; style-src * 'unsafe-inline' 'self' .g2crowd.com .g2.com; worker-src * blob: 'self' .g2crowd.com .g2.com; frame-ancestors *
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-request-id: 79f206a0-e0c8-4874-948a-dd95b49c0288
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"604ffbc0e47b8197f0bcd7d7112d83bd"
x-scrapable-source-location: widgets#stars
x-permitted-cross-domain-policies: none
we_are_hiring: https://company.g2.com/careers/open-positions
x-content-type-options: nosniff
x-scrapable-route: false
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: image/png
content-disposition: inline; filename="white-9.png"; filename*=UTF-8''white-9.png
vary: Origin,Accept-Encoding
last-modified: Thu, 12 Dec 2024 22:51:22 GMT
x-runtime: 0.017672
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src * 'self' *.g2crowd.com *.g2.com; frame-src * 'self' *.g2crowd.com *.g2.com; font-src * data: 'self' *.g2crowd.com *.g2.com; form-action * 'self' *.g2crowd.com *.g2.com; img-src * data: blob: 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src * blob: 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' *.g2crowd.com *.g2.com; style-src * 'unsafe-inline' 'self' *.g2crowd.com *.g2.com; worker-src * blob: 'self' *.g2crowd.com *.g2.com; frame-ancestors *
cache-control: max-age=0, private, must-revalidate
accept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
content-transfer-encoding: binary
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8f13f63b8de37da0-TLV
x-datadome: protected
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 Stay-Ahead-of-Cyber-Threats-300x300-02a-1.gif
i0.wp.com/cyble.com/wp-content/uploads/2024/01/ 43 KB
44 KB 123ms
115ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/01/Stay-Ahead-of-Cyber-Threats-300x300-02a-1.gif?fit=300%2C300&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

9d2c8f34912c4d2e7f1d5ca8b1a6696c65bea86c646beea1eb550b897c61bf50

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "a3886086c518e761"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Sat, 05 Dec 2026 21:51:23 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: image/webp
last-modified: Thu, 05 Dec 2024 09:51:23 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/01/Stay-Ahead-of-Cyber-Threats-300x300-02a-1.gif>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT lhr 6
access-control-allow-origin: *
content-length: 44268
server: nginx

GET
H2 200 Global-Cyber-Threat-Intelligence-Overview-2024-710-x-1004-1-3-1.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/10/ 77 KB
78 KB 228ms
220ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/10/Global-Cyber-Threat-Intelligence-Overview-2024-710-x-1004-1-3-1.webp?fit=710%2C1004&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

816f0f0a1db908a37d05ec0153492892ccd46a99d2dbe8b6b01df6690934ea9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "9fed0609d5fc11ea"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Fri, 27 Nov 2026 18:54:44 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: image/webp
last-modified: Wed, 27 Nov 2024 06:54:44 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/10/Global-Cyber-Threat-Intelligence-Overview-2024-710-x-1004-1-3-1.webp>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT lhr 4
access-control-allow-origin: *
content-length: 78928
server: nginx

GET
H2 200 CISO-web-homepage-1.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/07/ 56 KB
56 KB 161ms
153ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/07/CISO-web-homepage-1.webp?fit=710%2C1004&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

1720f9f3ba818b6997a7a09443b08b846186066911e58f8c47f793bd811912d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "9b8fd364091d10f1"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Fri, 27 Nov 2026 02:29:47 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: image/webp
last-modified: Tue, 26 Nov 2024 14:29:47 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/07/CISO-web-homepage-1.webp>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT lhr 5
access-control-allow-origin: *
content-length: 57186
server: nginx

GET
H2 200 Cyble-Blogs-CVE-2024-49138.png
i0.wp.com/cyble.com/wp-content/uploads/2024/12/ 483 KB
484 KB 223ms
219ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/12/Cyble-Blogs-CVE-2024-49138.png?fit=1200%2C600&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

fbf5741c417364f80cfe08290c99d22b0e2483f732aafcdc150d8d38711ee2e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "070e348e88feb561"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Sun, 13 Dec 2026 02:59:59 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: image/webp
last-modified: Thu, 12 Dec 2024 14:59:59 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/12/Cyble-Blogs-CVE-2024-49138.png>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT lhr 1
access-control-allow-origin: *
content-length: 494208
server: nginx

GET
H2 200 CybleBlogs-9-2.jpg
i0.wp.com/cyble.com/wp-content/uploads/2024/12/ 624 KB
626 KB 224ms
220ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/12/CybleBlogs-9-2.jpg?fit=1200%2C600&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

f8284fe78808e491ea674ba48a37870d58e6cd86f205b4df9207f53be0c9f9dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "2f83784c318b5819"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Sat, 12 Dec 2026 23:42:19 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: image/webp
last-modified: Thu, 12 Dec 2024 11:42:19 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/12/CybleBlogs-9-2.jpg>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT lhr 7
access-control-allow-origin: *
content-length: 639472
server: nginx

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 6 KB
3 KB 125ms
119ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202450
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 40cb25cf386062cf660429f20aa17b915e9537d688d55743758aff5e9525a38e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT lhr 2
etag: W/"666afffd-1849"
access-control-allow-methods: GET, HEAD
expires: Tue, 09 Dec 2025 00:00:01 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:17 GMT
x-ac: 4.lhr _dca MISS
content-type: application/javascript
last-modified: Thu, 13 Jun 2024 14:19:41 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 3 KB
1005 B 146ms
141ms Script
application/javascript 104.16.139.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.139.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db3957ef24dc8e7f006157227eb3e0c7a6e8cd1928920da0fc435a86a5a80833

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Fri, 13 Dec 2024 06:41:47 GMT
date: Fri, 13 Dec 2024 06:40:17 GMT
x-hubspot-correlation-id: a24c589a-dc76-4253-9cc4-25b5f1c013f6
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Fri, 13 Dec 2024 06:39:47 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8f13f63aeb397d9e-TLV
accept-ranges: bytes
access-control-allow-origin: https://cyble.com
content-length: 707
server: cloudflare

GET
H3 200 v2.js Show response
js.hsforms.net/forms/embed/ 485 KB
157 KB 162ms
75ms Script
application/javascript 104.18.141.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/embed/v2.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.141.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb14dfe8ae5aaa4a01824e5fc91c51fb3302150e6143796961e266017ac39817

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-request-id: a314a3f3-489d-433d-ba81-18cd3974d9d9
content-encoding: gzip
cf-cache-status: HIT
etag: W/"558de7b20c531aa81c999732b3c69474"
x-amz-version-id: nL.3tgVnBfE9VUOI2CFVsUxrNJIPlAAW
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
age: 459
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6xz4KQ5J9hspcHif3xhynAXgmzKKzJOV4YBILmus3FM5d1iq1OMcSkiEksZRMJSJIlasaVN0M%2F5ym8sFJZpybipjpffhn%2FsX1dzLPLN51tpvgAA1MG4TTuwifweHOLc9"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 6gaJu_u8w2oKhV1VfozXpp77l60uYFb7FK6-JD5QSXcvAVMjMKEnWA==
x-hubspot-correlation-id: a314a3f3-489d-433d-ba81-18cd3974d9d9
content-type: application/javascript; charset=utf-8
last-modified: Thu, 12 Dec 2024 15:46:41 UTC
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-xbknh
x-envoy-upstream-service-time: 0
x-hs-target-asset: forms-embed/static-1.6926/bundles/project-v2.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Fri, 13 Dec 2024 06:40:16 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.6926/bundles/project-v2.js&cfRay=8f1202b12d12d359-FRA
via: 1.1 736ad67f05a9a5a8fd5ed8cba30196f4.cloudfront.net (CloudFront)
cf-ray: 8f13f6389c13c224-TLV
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 cropped-Cyble-Threat-Intelligence.png
i0.wp.com/cyble.com/wp-content/uploads/2024/01/ 4 KB
5 KB 187ms
183ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png?fit=300%2C100&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

7c62e2dd759bf92e6098e34877ea502a6c161ec325bb677703aba53ec6886d53

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

etag: "965346551af20709"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Sun, 22 Nov 2026 02:43:48 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: image/webp
last-modified: Thu, 21 Nov 2024 14:43:48 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT lhr 7
access-control-allow-origin: *
content-length: 4562
server: nginx

GET
H3 200 widget-text-editor.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 704 B
530 B 114ms
109ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-text-editor.min.css?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d6675584b8707b13eb0754b2439048947105a1395198abeccec14ec8d6e482af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa57-2c0"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 widget-social-icons.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 5 KB
1 KB 116ms
110ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-social-icons.min.css?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

92c1f9388530e920dbf200485780445a2f19c6b78e9d5215eb4cf42c217a95e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa57-130b"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 magamenu-frontend.min.css
cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/ 0
298 B 117ms
109ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/magamenu-frontend.min.css?ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
etag: "6748b262-0"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: text/css
last-modified: Thu, 28 Nov 2024 18:11:46 GMT
server: nginx

GET
H3 200 motion-fx.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/modules/ 639 B
550 B 119ms
109ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/modules/motion-fx.min.css?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f16c3ea44afc678d334551e6d587690abe2c70306c21cbd41bf675cefe9efe6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa5f-27f"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 sticky.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/modules/ 162 B
466 B 122ms
111ms Stylesheet
text/css 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/modules/sticky.min.css?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6f0b2e96bd88c2d8512dfd204adaf2251376467a1f834a51c66ce85f0051979d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
etag: "675aaa5f-a2"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 162
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: text/css
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/themes/astra/assets/js/minified/ 23 KB
6 KB 123ms
111ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

495fed24d3e9684ea506e6b7128c5ae3f8bb59a053dbf77207cfcaa8f32c0e76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67460f42-5db2"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Tue, 26 Nov 2024 18:11:14 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 3 KB
1 KB 571ms
165ms Script
application/javascript 104.16.139.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.75

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.139.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b654ec417d94ece7ba0127055d29e9b7afde13eb8e0f38767b5387086bbeb9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Fri, 13 Dec 2024 06:41:47 GMT
date: Fri, 13 Dec 2024 06:40:17 GMT
x-hubspot-correlation-id: 88431eda-05b4-41d4-a6f5-c25420e58de9
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Fri, 13 Dec 2024 06:39:47 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8f13f63a9ac17d9e-TLV
accept-ranges: bytes
access-control-allow-origin: https://cyble.com
content-length: 712
server: cloudflare

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/plugins/link-whisper-premium/js/ 5 KB
2 KB 123ms
111ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/link-whisper-premium/js/frontend.min.js?ver=1732561086

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

51961b2c0bdbfaa3f8cb21e59d2ae04e029c44edd84d95e8fb4b67ca55e26b8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6744c8be-1237"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:58:06 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/dom-ready/ 460 B
774 B 124ms
112ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/dom-ready/index.min.js?ver=222ad38e3e5e302c8bbf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

52d995270969aed722e4e20184d2d424f0e1afb1040ef2273549bf0ba7c75d07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
etag: "67478eee-1cc"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 460
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Wed, 27 Nov 2024 21:28:14 GMT
server: nginx

GET
H3 200 main.js Show response
cyble.com/wp-content/plugins/astra-pro-sites/inc/lib/onboarding/assets/dist/template-preview/ 6 KB
3 KB 129ms
117ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-pro-sites/inc/lib/onboarding/assets/dist/template-preview/main.js?ver=06758d4d807d9d22c6ea

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4a8bd33bfe771e0bd46fade45435a9fa2d0c3a8af2409b1f5a74a6b96b03faa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67517a2d-19b5"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Thu, 05 Dec 2024 10:02:21 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 subscription-modal.js Show response
cyble.com/wp-content/plugins/jetpack/modules/comments/subscription-modal-on-comment/ 4 KB
2 KB 129ms
117ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/modules/comments/subscription-modal-on-comment/subscription-modal.js?ver=14.2-a.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

971f611c332c69581c6c65714bba01dce6e8f19a2fcfb8c04f87c60efcae9c69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"673b88bc-f1a"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Mon, 18 Nov 2024 18:34:36 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 astra-addon-6748b26e2133f9-18003370.js Show response
cyble.com/wp-content/uploads/astra-addon/ 37 KB
8 KB 130ms
117ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/astra-addon/astra-addon-6748b26e2133f9-18003370.js?ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a2ab001c7323aaf5bf6ba68d2aac9f8e4766144ddc83ae8d64e5b95203321e98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6748b26e-9387"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 18:11:58 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 purify.min.js Show response
cyble.com/wp-content/plugins/astra-addon/assets/js/minified/ 21 KB
9 KB 127ms
115ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/assets/js/minified/purify.min.js?ver=4.8.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

44a647ea363f1573ac79f9d249cd3b07c8c026fa6b0a1107c6ca6cbed852b5cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"6748b262-5466"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Thu, 28 Nov 2024 18:11:46 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 jquery.sticky.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/lib/sticky/ 4 KB
2 KB 127ms
115ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa5f-e89"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 imagesloaded.min.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/ 5 KB
2 KB 125ms
110ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/imagesloaded.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT hhn 1
access-control-allow-methods: GET, HEAD
expires: Sat, 13 Dec 2025 06:40:16 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Fri, 11 Aug 2023 18:18:26 GMT

GET
H2 200 e-202450.js Show response
stats.wp.com/ 7 KB
3 KB 380ms
112ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202450.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=31536000
content-encoding: br
x-nc: HIT lhr
etag: W/14421-1717166113530.9253
x-minify: t
x-minify-cache: hit
access-control-allow-methods: GET, HEAD
expires: Mon, 08 Dec 2025 00:52:18 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx

GET
H3 200 helper.min.js Show response
cyble.com/wp-content/plugins/optinmonster/assets/dist/js/ 2 KB
1 KB 125ms
115ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/optinmonster/assets/dist/js/helper.min.js?ver=2.16.13

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a67748caf04244e16b3434fce2e110af93332848b04bd86b659132505286609a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67509ae0-7cb"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Wed, 04 Dec 2024 18:09:36 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 166ms
74ms Script
application/javascript 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=1.0.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec8b1b07980996f574075e1b7e895d5d47794b9dcf345a68d60fbb17034f7bef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"09282956186c8515ef0d208902803581"
age: 2098
expires: Mon, 16 Dec 2024 06:40:17 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
access-control-allow-headers: OneSignal-Subscription-Id
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: public, max-age=259200
via: 1.1 google
cf-ray: 8f13f63b7978c22f-TLV
server: cloudflare

GET
H2 200 wp-polyfill.min.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/dist/vendor/ 37 KB
14 KB 122ms
110ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/dist/vendor/wp-polyfill.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4be59303a71dba6e02707efdaf510e858b5a703d09811680dbc3fada6c2111c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT hhn 1
access-control-allow-methods: GET, HEAD
expires: Sat, 13 Dec 2025 06:40:16 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Fri, 20 Sep 2024 01:55:35 GMT

GET
H3 200 view.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/ 5 KB
2 KB 125ms
115ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/view.js?minify=false&ver=14.2-a.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8aece4bc00bb232af7eb9025ffe6ab936b93b2d7f408fa0ba242831682aa07e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"66d5ccea-148c"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Mon, 02 Sep 2024 14:34:18 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 uael-nav-menu.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/ 20 KB
4 KB 125ms
116ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/uael-nav-menu.min.js?ver=1.37.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0a0b85f55ebb7086cee0971885ce7e6ffea8e46b1cef521394122362102518c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"674aac7f-51bc"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Sat, 30 Nov 2024 06:11:11 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 jquery_resize.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/ 3 KB
2 KB 133ms
124ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/jquery_resize.min.js?ver=1.37.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

270e916e0527855b7fb38a288df78658e646a99a057969e4172506375ae17820

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"674aac7f-d3d"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Sat, 30 Nov 2024 06:11:11 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 js_cookie.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/ 2 KB
1 KB 134ms
125ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/js_cookie.min.js?ver=1.37.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5244a8d1d1a28e02eec3247e1ba73bb13319a0cc521c87580d43e46cb67b4bc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"674aac7f-7ad"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Sat, 30 Nov 2024 06:11:11 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 webpack-pro.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 6 KB
3 KB 135ms
126ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a401a332e7a2cc547d0ce81dc17464bef062e74ca77b3fe22ee2d0808cde9e5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa5f-1877"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 webpack.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 5 KB
3 KB 136ms
126ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4b62fd78e5832abef96cfc24e882441bccf64d650bf30c73031bb806537dc5cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa57-1484"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 frontend-modules.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 54 KB
16 KB 136ms
127ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

532ec0a8ff060940d08538210d87e797e29184960d8ec8ecb77d718016a75166

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa57-d628"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/hooks/ 5 KB
2 KB 129ms
120ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/hooks/index.min.js?ver=84e753e2b66eb7028d38

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a751e5eaf162f1ffd88318bd3156b6fa5f6cd8fec6885d0d840d1af7dfa7795d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67478eee-127a"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Wed, 27 Nov 2024 21:28:14 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/i18n/ 9 KB
4 KB 129ms
121ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=bd5a2533e717a1043151

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f173fd421b26d6877143a9120fd91f86cd07e4deaa36b9fb2e04dec261ab3462

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"67478eee-227f"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Wed, 27 Nov 2024 21:28:14 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
7 KB 130ms
121ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

738fdb8a6b4ebd3f4d9f6f245c842758ffc4f3b0cffb9a3907c7f482cf44446a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa5f-6152"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 core.min.js Show response
c0.wp.com/c/6.7.1/wp-includes/js/jquery/ui/ 21 KB
7 KB 120ms
111ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.7.1/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7e84c9f8d71bc6eb2dac2fce59a6caea62da51ffa8cf56b41806f59386ab1322

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15552000
cache-control: max-age=31536000
timing-allow-origin: *
content-encoding: br
x-nc: HIT hhn 1
access-control-allow-methods: GET, HEAD
expires: Sat, 13 Dec 2025 06:40:16 GMT
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-origin: *
date: Fri, 13 Dec 2024 06:40:16 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx
last-modified: Thu, 27 Jun 2024 12:55:22 GMT

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 43 KB
14 KB 131ms
122ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.25.11

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

eea6d642e525e9a94e8d44468a6712cda3d0d45a63f199eeecee8c25a9702f2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa57-ac5f"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Thu, 12 Dec 2024 09:18:15 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 elements-handlers.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 42 KB
11 KB 136ms
128ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.25.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c1dc79c9fc63ac8a67072ab41d426aea6b6cdc397c3b572168e65c15bd5c0e3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=315360000
content-encoding: br
etag: W/"675aaa5f-a9b7"
access-control-allow-methods: GET, HEAD
expires: Thu, 31 Dec 2037 23:55:55 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:16 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Thu, 12 Dec 2024 09:18:23 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 342 KB
116 KB 139ms
136ms Script
application/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

4c98398d31cd944d285444f52292b17e7e3f5d07dc0faf88f86f9dc7130b761f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Fri, 13 Dec 2024 06:40:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 13 Dec 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 118390
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 tracker.iife.js Show response
assets.apollo.io/micro/website-tracker/ 3 KB
2 KB 112ms
110ms Script
application/javascript 172.67.2.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=75lhuj
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.2.155 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2039d204f18247df88a0f132f35fe67f9e52ee7268515ead1647c611f737ba07

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=I3tUEw==, md5=SC6zvnW2DshviOm8MzN+iA==
etag: "482eb3be75b60ec86f88e9bc33337e88"
age: 5964
cf-cache-status: HIT
x-goog-stored-content-encoding: gzip
expires: Sat, 13 Dec 2025 04:37:30 GMT
x-goog-stored-content-length: 1168
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: application/javascript
last-modified: Mon, 12 Feb 2024 19:05:14 GMT
vary: Accept-Encoding
x-guploader-uploadid: AFiumC5RcsZyXJMUDB4Ejtxeriy8tX2r9TKFh5eRLECv9Cr711oBkOzw6LcGY6e5HMTpJExRd2rtG0wiYg
cache-control: public, max-age=31528633
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 8f13f63aee35c22e-TLV
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1707764714580510
content-length: 1168
server: cloudflare

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/ 105 KB
32 KB 359ms
113ms Script
text/javascript 18.245.86.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.86.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-86-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dd50a069ce44ef76fe45513ec96933c7184f6972416284323e49e68b934712f7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Access-Control-Max-Age: 600
Content-Encoding: gzip
X-Amz-Version-Id: DoYq5Ez5WM5ptUeexmjX9lNtuQZ40Ngz
Etag: W/"f2ba847cc4491d83e86d9f3d3fe8a5e9"
Age: 290
Access-Control-Allow-Methods: GET
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: dTG9MnIcqeBkH72UnF5CQvWVKU5oOY44pRsm6DJhRPqH2_vFZvvujg==
Date: Fri, 13 Dec 2024 06:39:49 GMT
Content-Type: text/javascript; charset=utf-8
Vary: accept-encoding
Last-Modified: Thu, 12 Dec 2024 11:51:12 GMT
Access-Control-Allow-Headers: *
Transfer-Encoding: chunked
Cache-Control: max-age=3600, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: false
Via: 1.1 fca814089bc9a82fba87ce0548f9f358.cloudfront.net (CloudFront)
Access-Control-Allow-Origin: *
X-Amz-Cf-Pop: FRA60-P6
Server: AmazonS3
X-Amz-Server-Side-Encryption: AES256

GET
H2 200 JPtKKXLsjJbtelUWnenRbIbVJOerqPTK Show response
nitroscripts.com/ 993 B
756 B 317ms
178ms Script
text/javascript 172.64.154.248
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nitroscripts.com/JPtKKXLsjJbtelUWnenRbIbVJOerqPTK

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.154.248 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a25c19dbd47bf7b70982d51eb7cb40e12f1ae3070bd04ec5a974e8d2ca8f7736

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=600, stale-while-revalidate=31536000
content-encoding: gzip
cf-cache-status: HIT
cf-ray: 8f13f63c8a59c22f-TLV
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: text/javascript
last-modified: Fri, 13 Dec 2024 06:35:26 GMT
vary: Accept-Encoding
server: cloudflare

OPTIONS
H2 200 track_request
aplo-evnt.com/api/v1/intent_pixel/ Frame 0
0 359ms
217ms Preflight 34.107.133.146
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://aplo-evnt.com/api/v1/intent_pixel/track_request?app_id=66aa6aa341d7bf055eb1fbce
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.133.146 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 146.133.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-origin: *
access-control-max-age: 7200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache
content-length: 0
date: Fri, 13 Dec 2024 06:40:17 GMT
server: nginx
status: 200 OK
via: 1.1 google

POST
H2 204 track_request
aplo-evnt.com/api/v1/intent_pixel/ 0
0 238ms
234ms Fetch 34.107.133.146
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://aplo-evnt.com/api/v1/intent_pixel/track_request?app_id=66aa6aa341d7bf055eb1fbce

Requested by

Host: assets.apollo.io
URL: https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=75lhuj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.133.146 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

146.133.107.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn .salesforce.com .lightning.force.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
x-transaction-id: 7b3d214e72e95085cd465c017961e5d6
access-control-max-age: 7200
cache-control: no-cache
content-security-policy: frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn *.salesforce.com *.lightning.force.com
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
x-content-type-options: nosniff
via: 1.1 google
status: 204 No Content
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:17 GMT
vary: Origin
server: nginx
x-frame-options: ALLOWALL

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 430ms
172ms Fetch
text/plain 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-4FJGSRPM4S&gtm=45je4cc0v885439329za200&_p=1734072016614&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178~102262856&cid=908001924.1734072017&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1734072017&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=5823
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cyble.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.wp.com/s/poppins/v22/ 8 KB
8 KB 353ms
124ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.8.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT hhn 2
age: 48199
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7884
date: Fri, 13 Dec 2024 06:40:17 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Wed, 04 Dec 2024 06:53:08 GMT
server: nginx

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.wp.com/s/poppins/v22/ 8 KB
8 KB 349ms
121ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v22/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.8.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT hhn 2
age: 48066
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7748
date: Fri, 13 Dec 2024 06:40:17 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Wed, 04 Dec 2024 06:54:05 GMT
server: nginx

GET
H3 200 astra.woff
cyble.com/wp-content/themes/astra/assets/fonts/ 3 KB
4 KB 720ms
719ms Font
application/font-woff 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/fonts/astra.woff

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
etag: "67460f42-ce8"
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 18:58:04 GMT
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 3304
date: Fri, 13 Dec 2024 06:40:17 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/font-woff
last-modified: Tue, 26 Nov 2024 18:11:14 GMT
server: nginx

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.wp.com/s/poppins/v22/ 8 KB
8 KB 351ms
124ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v22/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.8.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT hhn 2
age: 47941
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7816
date: Fri, 13 Dec 2024 06:40:17 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Wed, 04 Dec 2024 06:53:03 GMT
server: nginx

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 434 KB
137 KB 144ms
144ms Script
application/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-N9ZXY95EM4&l=dataLayer&cx=c&gtm=45He4cc0v868834701za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

be82ca442c451af6b0d2e8186a7d57bc7e939bbc6e9504d756d306e71e9d13cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 13 Dec 2024 06:40:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 140169
x-xss-protection: 0
server: Google Tag Manager

POST
H3 200 collect
www.google.com/ccm/ 0
0 400ms
121ms Ping
text/plain 142.250.184.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=175292639.1734072017&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&auid=1463438234.1734072017&navt=n&npa=0&gtm=45He4cc0v868834701za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1734072017410&tfd=5941&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
88 KB 140ms
140ms Script
application/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c&gtm=45He4cc0v868834701za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

8f7aad3f361844eb0a2aafdaf0e98f9b22a7d03c9e4df7c036e593c361173eda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 13 Dec 2024 06:40:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 13 Dec 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 89945
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 251ms
115ms Script
text/javascript 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
age: 7132
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Fri, 13 Dec 2024 06:41:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 04:41:25 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 396ms
111ms Script
application/javascript 23.32.238.219
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.32.238.219 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-32-238-219.deploy.static.akamaitechnologies.com

Software

Resource Hash

5615cdac4c30b1fb905891f5de1e1dcf7745b6b0ec88cfc89360ee48fc240977

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=75834
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 5114
date: Fri, 13 Dec 2024 06:40:17 GMT
last-modified: Wed, 11 Dec 2024 08:31:33 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 249ms
118ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

c4eb49795f7a703429e7012cec0a556e6faf6f551f07cd337f66c5a1ec3a5847

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-PlXmo0KQ' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-PlXmo0KQ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=113, rtx=0, c=23, mss=1232, tbw=4517, tp=9, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: 9hDJjbvEFnwyk2Y1XlU5oPTfTFicVthiJOl/HRSvtI5wIXHGClMc366K4yylWD0Ay79PcpBmN0HEOvm+9T1Prw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62212
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 434 KB
137 KB 222ms
221ms Script
application/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10996750928&l=dataLayer&cx=c&gtm=45He4cc0v868834701za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

6181da06e2b03a123413bdc6cf139f8cdaad53ec3d3c36e0b3a930010b3db71c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Fri, 13 Dec 2024 06:40:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 140142
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 43 KB
13 KB 392ms
111ms Script
application/javascript 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
etag: "1a001f3a066bff47a766099b87253911"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12220
date: Fri, 13 Dec 2024 06:40:17 GMT
last-modified: Mon, 18 Nov 2024 21:16:35 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
server: snooserv
x-amz-server-side-encryption: AES256

GET
H2 200 hf2o0cm7gp Show response
www.clarity.ms/tag/ 853 B
1 KB 688ms
295ms Script
application/x-javascript 13.107.246.45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: c97698b3250cd1b49dbf0a8990a0dc735704a59469b5dcf7960347f7b81483be

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store
request-context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
expires: -1
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 853
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: application/x-javascript
x-azure-ref: 20241213T064017Z-r1d67f7c65cgzz9nhC1MRSuqbs0000000220000000000rc6

GET
H2 200 1010805.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
2 KB 425ms
274ms Script
text/javascript 104.18.30.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1010805.js?p=https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/&e=

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.30.176 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f0171934a868318185fd805252f4d75230bfc623b87e0100a0fb2d97001a048

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: text/javascript;charset=UTF-8
content-disposition: inline
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8f13f63e2ec67d9b-TLV
access-control-allow-origin: *
x-xss-protection: 0
origin-agent-cluster: ?1
server: cloudflare

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 288ms
173ms Fetch
text/plain 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-4FJGSRPM4S&gtm=45je4cc0v885439329za200&_p=1734072016614&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178~102262856&cid=908001924.1734072017&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1734072017&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&en=scroll&epn.percent_scrolled=90&_et=49&tfd=5967
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cyble.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4cc0/ Frame C09B 0
0 370ms
115ms Document
text/html 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fcyble.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 46603
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Thu, 12 Dec 2024 17:43:34 GMT
expires: Fri, 12 Dec 2025 17:43:34 GMT
last-modified: Thu, 12 Dec 2024 10:18:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 21289959.js Show response
js.hs-analytics.net/analytics/1734071700000/ 68 KB
25 KB 321ms
161ms Script
text/javascript 104.17.175.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1734071700000/21289959.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.175.201 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cfa0aa86ba2071144541fb9d26f2504f360d49dc25af11a0b8f1b523a59e48e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: 507a9b2b-dfcc-413c-9be5-1d4eed47a5e0
content-encoding: gzip
cf-cache-status: HIT
etag: W/"56e2d969cae2e49c7c7ccf913e113ce3"
x-amz-version-id: null
expires: Fri, 13 Dec 2024 06:40:28 GMT
x-evy-trace-listener: listener_https
date: Fri, 13 Dec 2024 06:40:17 GMT
x-hubspot-correlation-id: 507a9b2b-dfcc-413c-9be5-1d4eed47a5e0
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 21:03:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: /kFLbC7Pzj3VybKgOb8NhZM9gWh3+852gb8CBj8J3rIY43+NkwUUjr/YTuyIoJBvdfeFMh0II+P4FWVComojI+7s3VGEkIa9A0H+Kkv1xpc=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-jvj7x
x-envoy-upstream-service-time: 86
access-control-allow-credentials: false
x-amz-request-id: 650WJG7DE1RMHA6R
cf-ray: 8f13f63eaf577da4-TLV
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/21289959/ 71 KB
26 KB 380ms
243ms Script
text/javascript 172.64.147.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/21289959/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.147.16 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2f7d72587caa4ad01e2dea12665d2e1e83a1a6e3326c0eaec6e2131df0eec86

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 00aa239f-1118-4178-a91b-f74ed2a754bf
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"f2fef2fabb74ea607d35963c1d2a42a3"
x-amz-version-id: 1HGcWOOKe.DjPVtx06wt73pO72LgkEvr
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Fri, 13 Dec 2024 06:45:17 GMT
x-evy-trace-listener: listener_https
date: Fri, 13 Dec 2024 06:40:17 GMT
x-hubspot-correlation-id: 00aa239f-1118-4178-a91b-f74ed2a754bf
content-type: text/javascript; charset=UTF-8
last-modified: Fri, 04 Oct 2024 10:36:50 GMT
vary: origin, Accept-Encoding
x-amz-id-2: rOMqyQPyNpN8MkFDAGowaSPQRRR9HsCiHtvvNxiXkuJZF8F0x1Jo7bDxYu85DzXeNMcE/TxGnIU=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-ds46d
x-envoy-upstream-service-time: 128
access-control-allow-credentials: true
x-amz-request-id: 9WZCG8VG4MVQNSKD
cf-ray: 8f13f63ef8a17d9e-TLV
access-control-allow-origin: https://thecyberexpress.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 550 KB
92 KB 314ms
168ms Script
application/javascript 104.18.140.17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.140.17 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7da57a437a999e2503178063a85ca9557211686f50d7671db0142a2ceb3095d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-evy-trace-virtual-host: all
x-request-id: 4de1d0be-d04a-4b66-8ddf-fce9a2603813
content-encoding: gzip
cf-cache-status: HIT
etag: W/"e9829c28fae41e369bd948323746cc37"
x-amz-version-id: PqQn.3x38ZWRmSYb9J2u1wYA9Etnh36Z
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: -2_JPgWJQ-co80_JHX3y8MuVdYbLAZWd4MsRTHsi1MbhcILgorfTjQ==
date: Fri, 13 Dec 2024 06:40:17 GMT
x-hubspot-correlation-id: 4de1d0be-d04a-4b66-8ddf-fce9a2603813
content-type: application/javascript; charset=utf-8
last-modified: Thu, 12 Dec 2024 15:49:15 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-xqtv6
x-envoy-upstream-service-time: 1
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.2121/bundle/main/lead-flows-release.js&cfRay=8f0ee1934e2e9d37-WAW
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
cf-ray: 8f13f63f2cd8c22f-TLV
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: lead-flows-js/static-1.2121/bundle/main/lead-flows-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 94 KB
27 KB 224ms
74ms Script
application/javascript 104.16.79.142
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.79.142 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a25d27051a93c414aa93bd0f106134ea8b6d1dd66e40b1ded22eaedc07a400b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-evy-trace-virtual-host: all
x-request-id: 8e2b557d-de43-427c-8c77-9b5bb306635b
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6bedf1d1aca2edea42f1d516d601dfd4"
x-amz-version-id: FjsXSHX9KAzFAlHie2aKBFRzWPRnKgEm
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
age: 473
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: tnCtLVKmvq7xTjLLB1rBsCH_Js86BSIHdNmP8q0TfC7Z1rAvzypT1Q==
date: Fri, 13 Dec 2024 06:40:17 GMT
x-hubspot-correlation-id: 8e2b557d-de43-427c-8c77-9b5bb306635b
content-type: application/javascript; charset=utf-8
last-modified: Thu, 12 Dec 2024 15:51:04 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-2w2nl
x-envoy-upstream-service-time: 2
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.19270/bundles/project.js&cfRay=8f0eeea19f119969-FRA
via: 1.1 16d910967d343c8da7828222a653755e.cloudfront.net (CloudFront)
cf-ray: 8f13f63feb09c22e-TLV
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: conversations-embed/static-1.19270/bundles/project.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 234ms
96ms Script
application/javascript 104.17.223.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.223.152 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

912abb0cafbeca44d5b1cf2d9d7fe857a75974e2e42fd2aa125405984bf69953

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-evy-trace-virtual-host: all
x-request-id: 06814d9d-d1bd-4282-9c61-89f599fb5980
content-encoding: gzip
cf-cache-status: HIT
etag: W/"c93e083d757d0b4ca5e123cc7fe52d0e"
x-amz-version-id: WnsFCrZ11_ikNHLZ9dlJoPqENga47yWY
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 421
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: 37pz6cT2MXwTCOQt2aKtgRO_f7i7VulkVlvLl6tq7ckvMMje8zxUTg==
date: Fri, 13 Dec 2024 06:40:18 GMT
x-hubspot-correlation-id: 06814d9d-d1bd-4282-9c61-89f599fb5980
content-type: application/javascript; charset=utf-8
last-modified: Wed, 11 Dec 2024 15:02:51 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-jr57s
x-envoy-upstream-service-time: 1
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.949/bundles/pixels-release.js&cfRay=8f066a7b3b58eead-WAW
via: 1.1 36b04143ac1626bb30bb225fb2cccb1e.cloudfront.net (CloudFront)
cf-ray: 8f13f6406ce0c227-TLV
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.949/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 84 KB
25 KB 473ms
329ms Script
application/javascript 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6f514ddc18e496f04ad9fad4afcec13d365dfa49efa5dac94d6fff64b95a623

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-request-id: c99fbf1e-88fe-4b12-a93b-4edd66d425d4
content-encoding: gzip
cf-cache-status: HIT
etag: W/"224467cc4ce3a08f302186b8a1ce03c9"
x-amz-version-id: mNXUuIIWhVdVPzPqyp_sjRXwZmR0sDd4
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MgArQ2HlgoA24DPLDw4lXrZO4klenL6bE%2FjxfiYDqHnSm17Z0%2BfuIx6XHKQb6KQ32qfS%2F98oPllcJtaof8JHyBr607C52zzegOpsdHbguMMnd6hNbRCGgV6aeGn6jTFV"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: ydQj9oTOqkxHMLF0_hxn6tz0KO2b7_t4Q_AYvnwrG_hM7_YnAma86w==
x-hubspot-correlation-id: c99fbf1e-88fe-4b12-a93b-4edd66d425d4
content-type: application/javascript; charset=utf-8
last-modified: Mon, 02 Dec 2024 10:47:31 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-xkq4z
x-envoy-upstream-service-time: 1
x-hs-target-asset: web-interactives-embed/static-2.1869/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Fri, 13 Dec 2024 06:40:18 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1869/bundles/project.js&cfRay=8ebace5749f4c24a-WAW
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
cf-ray: 8f13f6408a3d7da1-TLV
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 47 KB
17 KB 435ms
177ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 02a661490aa341e4e0abb139d22f9dfaf7de3206329a4d22acacd96cd46351c3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6750e943-bb7b"
cdn-fileserver: 750
date: Fri, 13 Dec 2024 06:40:18 GMT
cdn-storageserver: DE-632
last-modified: Wed, 04 Dec 2024 23:44:03 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 12/11/2024 12:01:20
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 3111de13954249f0bdb479572a9870dd
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H3 200 threat-report.jpg
i0.wp.com/cyble.com/wp-content/uploads/2024/08/ 54 KB
54 KB 117ms
116ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/08/threat-report.jpg?fit=1024%2C368&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

c815c49731528111127f7705e82a2d7a8ca5b5e1a1a0435af6e7b0407a842928

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/

Response headers

etag: "d1d7bd79a7a05a76"
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD
expires: Fri, 27 Nov 2026 19:03:27 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:17 GMT
content-type: image/webp
last-modified: Wed, 27 Nov 2024 07:03:27 GMT
vary: Accept
link: <https://cyble.com/wp-content/uploads/2024/08/threat-report.jpg>; rel="canonical"
cache-control: public, max-age=63115200
timing-allow-origin: *
x-nc: HIT hhn 2
access-control-allow-origin: *
content-length: 55002
server: nginx

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.wp.com/s/poppins/v22/ 8 KB
8 KB 111ms
108ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v22/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.7.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT hhn 2
age: 48216
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7840
date: Fri, 13 Dec 2024 06:40:17 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Wed, 04 Dec 2024 06:53:49 GMT
server: nginx

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.wp.com/s/poppins/v22/ 8 KB
8 KB 111ms
109ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v22/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT hhn 2
age: 32889
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 8000
date: Fri, 13 Dec 2024 06:40:17 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Wed, 04 Dec 2024 06:53:31 GMT
server: nginx

GET
H2 200 pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2
fonts.wp.com/s/poppins/v22/ 8 KB
8 KB 110ms
109ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v22/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT hhn 2
age: 47087
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7824
date: Fri, 13 Dec 2024 06:40:17 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Wed, 04 Dec 2024 06:52:39 GMT
server: nginx

GET
H2 206 banner-ad-cyble-1.mp4
videos.files.wordpress.com/jmrVNgDZ/ 337 KB
337 KB 348ms
116ms Media
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/jmrVNgDZ/banner-ad-cyble-1.mp4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

56bf0f760c2ff663fc46bd5835dde1654cdd29d06fcebebe1582f4872ba50751

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

x-nc: HIT hhn 3
Content-Range: bytes 0-344857/344858
x-content-type-options: nosniff
expires: Fri, 27 Dec 2024 04:05:54 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
Content-Length: 344858
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: video/mp4
last-modified: Tue, 22 Oct 2024 12:28:29 GMT
server: nginx

GET
H2 206 cyble-ad.mp4
videos.files.wordpress.com/ZiU8IFTQ/ 3 MB
3 MB 433ms
230ms Media
video/mp4 192.0.72.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://videos.files.wordpress.com/ZiU8IFTQ/cyble-ad.mp4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8092e395138f7b26adbcba6232e3ebb0e29a839b0e7f0f8773ee11fcb294d2bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

x-nc: HIT hhn 3
Content-Range: bytes 0-3311316/3311317
x-content-type-options: nosniff
expires: Wed, 25 Dec 2024 22:08:26 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
Content-Length: 3311317
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: video/mp4
last-modified: Thu, 24 Oct 2024 10:30:31 GMT
server: nginx

GET
H2 200 rating_schema.json Show response
www.g2.com/products/cyble/ 334 B
2 KB 476ms
348ms Fetch
application/json 104.16.189.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.g2.com/products/cyble/rating_schema.json

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.189.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db231971790e0cbafc4b9ea698e905207070577024d8c6485a87576fd79affc1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src * 'self' .g2crowd.com .g2.com; frame-src * 'self' .g2crowd.com .g2.com; font-src * data: 'self' .g2crowd.com .g2.com; form-action * 'self' .g2crowd.com .g2.com; img-src * data: blob: 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src * blob: 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' .g2crowd.com .g2.com; style-src * 'unsafe-inline' 'self' .g2crowd.com .g2.com; worker-src * blob: 'self' .g2crowd.com .g2.com; frame-ancestors *
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

access-control-max-age: 7200
x-request-id: cef08e11-ec6e-4c0f-b9ee-b75de339dc73
access-control-expose-headers
content-encoding: gzip
cf-cache-status: HIT
etag: W/"db231971790e0cbafc4b9ea698e90520"
x-permitted-cross-domain-policies: none
access-control-allow-methods: GET
x-content-type-options: nosniff
expires: Fri, 13 Dec 2024 08:40:18 GMT
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: application/json; charset=utf-8
vary: Origin,Accept-Encoding
x-runtime: 0.019370
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src * 'self' *.g2crowd.com *.g2.com; frame-src * 'self' *.g2crowd.com *.g2.com; font-src * data: 'self' *.g2crowd.com *.g2.com; form-action * 'self' *.g2crowd.com *.g2.com; img-src * data: blob: 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src * blob: 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' *.g2crowd.com *.g2.com; style-src * 'unsafe-inline' 'self' *.g2crowd.com *.g2.com; worker-src * blob: 'self' *.g2crowd.com *.g2.com; frame-ancestors *
cache-control: public, max-age=7200
accept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 8f13f6401e927d98-TLV
access-control-allow-origin: *
x-datadome: protected
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 /
w.soundcloud.com/player/ Frame F4BC 0
0 472ms
204ms Document
text/html 18.66.112.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/1872505476&color=%23cc0000&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-121.fra56.r.cloudfront.net

Software

am/2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: public, max-age=300
content-encoding: gzip
content-type: text/html
date: Fri, 13 Dec 2024 06:40:18 GMT
p3p: policyref="https://w.soundcloud.com/player/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV TAI PSAo PSDo OUR STP CNT"
server: am/2
strict-transport-security: max-age=63072000
vary: Accept-Encoding
via: sssr, 1.1 0a624670dff351af866d2f19bde4a312.cloudfront.net (CloudFront)
x-amz-cf-id: 97dhgZEnfNggZrLNOTSqy4lvl2DdLcSsIp7ARJ4Ecg2eRMM6HRgjcg==
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 3 KB
0 2ms
2ms Script
application/javascript 104.16.139.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.139.209 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db3957ef24dc8e7f006157227eb3e0c7a6e8cd1928920da0fc435a86a5a80833

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
x-content-type-options: nosniff
expires: Fri, 13 Dec 2024 06:41:47 GMT
date: Fri, 13 Dec 2024 06:40:17 GMT
x-hubspot-correlation-id: a24c589a-dc76-4253-9cc4-25b5f1c013f6
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Fri, 13 Dec 2024 06:39:47 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8f13f63aeb397d9e-TLV
accept-ranges: bytes
access-control-allow-origin: https://cyble.com
content-length: 707
server: cloudflare

GET fa-solid-900.woff2
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 0
0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
306 B 126ms
125ms XHR
text/plain 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=824479698&t=pageview&_s=1&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&ul=he-il&de=UTF-8&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAAABAAAAAC~&jid=1589133126&gjid=738699399&cid=908001924.1734072017&tid=UA-201575643-1&_gid=1313304579.1734072018&_r=1&_slc=1&gtm=45He4cc0n81PMWT557v868834701za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&z=471099791

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:17 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://cyble.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

GET
H2 200 ELNAF2EZDFHJRAP3ODLCUU Show response
d.adroll.com/consent/check/ 526 B
1 KB 407ms
130ms Script
application/javascript 46.51.197.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/ELNAF2EZDFHJRAP3ODLCUU?flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&_s=f5292766bcdac96cdb63bd3ef6db3981&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.51.197.220 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-51-197-220.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: a862e7cf93c40c8509d4b2aaa49a0c6e868f89cc9f6c15fea085eef4190895f6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-store, no-cache, must-revalidate
content-length: 526
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Fri, 13 Dec 2024 06:40:18 GMT
pragma: no-cache
content-type: application/javascript
server: nginx/1.22.1

GET
H3 200 v2.js Show response
js.hsforms.net/forms/embed/ 485 KB
1 KB 78ms
75ms Script
application/javascript 104.18.141.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/embed/v2.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.141.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb14dfe8ae5aaa4a01824e5fc91c51fb3302150e6143796961e266017ac39817

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-request-id: a314a3f3-489d-433d-ba81-18cd3974d9d9
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: nL.3tgVnBfE9VUOI2CFVsUxrNJIPlAAW
age: 460
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
etag: W/"558de7b20c531aa81c999732b3c69474"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9RVLOBDUc9rc9g2iqV%2FvYUZ6xTKCXY2M4dTVIrqu8vHdh2OpLoHGzlavQXsGYeFgBGExVPCB6hAoxD3eCRd0o9jLJWKvZlquvlPVWljbqw3BMJH%2BlC5yeJvdl7nHZcSD"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 6gaJu_u8w2oKhV1VfozXpp77l60uYFb7FK6-JD5QSXcvAVMjMKEnWA==
x-hubspot-correlation-id: a314a3f3-489d-433d-ba81-18cd3974d9d9
last-modified: Thu, 12 Dec 2024 15:46:41 UTC
content-type: application/javascript; charset=utf-8
priority: u=1,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-xbknh
x-envoy-upstream-service-time: 0
x-hs-target-asset: forms-embed/static-1.6926/bundles/project-v2.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Fri, 13 Dec 2024 06:40:17 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.6926/bundles/project-v2.js&cfRay=8f1202b12d12d359-FRA
via: 1.1 736ad67f05a9a5a8fd5ed8cba30196f4.cloudfront.net (CloudFront)
cf-ray: 8f13f6405bf1c224-TLV
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/a2_femnl853pd9q/ 3 B
124 B 343ms
112ms XHR
application/json 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/a2_femnl853pd9q/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=14400
content-encoding: gzip
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: application/json

GET
H2 200 a2_femnl853pd9q_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 358ms
124ms XHR
application/json 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_femnl853pd9q_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=300
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 467ms
207ms Image
image/gif 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1734072017964&id=a2_femnl853pd9q&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=660a50a6-7e8f-4577-a1d7-c484727d49bf&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc=
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
content-length: 42
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: image/gif
server: Varnish

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 357ms
354ms Ping
text/html 104.18.30.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1010805.js?p=https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/&e=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.30.176 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary2GUfRCtirQGaJV1A
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 113ms
112ms Script
application/javascript 23.32.238.219
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.32.238.219 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-32-238-219.deploy.static.akamaitechnologies.com

Software

Resource Hash

e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: max-age=49489
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14634
date: Fri, 13 Dec 2024 06:40:18 GMT
last-modified: Mon, 02 Dec 2024 19:22:52 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 1126903675356441 Show response
connect.facebook.net/signals/config/ 69 KB
14 KB 341ms
339ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1126903675356441?v=2.9.178&r=stable&domain=cyble.com&hme=28abfdc7e582ae2a8fdd6ac5ebb406923cf601dc2ee488049b0628e75e0f6b36&ex_m=70%2C122%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C173%2C176%2C188%2C184%2C185%2C187%2C29%2C101%2C53%2C77%2C186%2C168%2C171%2C181%2C182%2C189%2C132%2C41%2C191%2C192%2C34%2C144%2C15%2C50%2C197%2C196%2C134%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C169%2C172%2C141%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

ece71cd9595c09fec3d17cf9cd1a2b613f32e48fc6e288214593b5091416cb94

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-EjBOA0Ak' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-EjBOA0Ak' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=120, rtx=1, c=77, mss=1232, tbw=71717, tp=67, tpl=1, uplat=220, ullat=1
pragma: public
x-fb-debug: dUDAPz27peur+pDKBhrRarpE5UGclB1LzXLniVGkuzzDcrjwR8CZ3kiS18WsmCUWkG9RZu87oVWUGNbtLwgyoQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 119ms
118ms Fetch
text/plain 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-361856552&gtm=45je4cc0z8868834701za200zb868834701&_p=1734072016614&gcd=13l3l3l3l1l1&npa=0&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=908001924.1734072017&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1734072018&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&en=page_view&_fv=1&_ss=1&tfd=6575
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c&gtm=45He4cc0v868834701za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cyble.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: text/plain
server: Golfe2

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 273ms
271ms Ping
text/html 104.18.30.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1010805.js?p=https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/&e=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.30.176 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBfkOZzLBzfXNxEAP
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 120ms
119ms Fetch
text/plain 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45be4cc0v9106873920z8868834701za200&_p=1734072016614&gcd=13l3l3l3l1l1&npa=0&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=908001924.1734072017&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1734072018&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&en=page_view&_fv=1&_ss=1&tfd=6709
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10996750928&l=dataLayer&cx=c&gtm=45He4cc0v868834701za200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cyble.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
301 B 408ms
264ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 089C0D05753E4B0B89A95FF1C851CEC9 Ref B: TLV30EDGE0407 Ref C: 2024-12-13T06:40:18Z
x-li-fabric: prod-lor1
access-control-allow-credentials: true
x-li-uuid: AAYpIRquXAZsswhfqtkAGQ==
x-li-proto: http/2
access-control-allow-origin: https://cyble.com
x-cache: CONFIG_NOCACHE
date: Fri, 13 Dec 2024 06:40:18 GMT
vary: Origin

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.58/ 67 KB
28 KB 207ms
206ms Script
application/javascript 13.107.246.45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.58/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e57f584dc164284e3994776f7ddd7de42d54921a30f096ca971f676b2f5942c7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-azure-ref: 20241213T064018Z-r1d67f7c65cgzz9nhC1MRSuqbs0000000220000000000rct
cache-control: public, max-age=86400
x-ms-version: 2018-03-28
content-encoding: br
etag: W/"0x8DD19E020F35B96"
x-fd-int-roxy-purgeid: 79034942
x-ms-request-id: 285b6932-501e-0064-43ad-4cdf43000000
access-control-allow-origin: *
x-cache: TCP_HIT
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 11 Dec 2024 12:34:17 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 122ms
114ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=221651828&post=69814&tz=-5&srv=cyble.com&hp=atomic&ac=2&amp=0&j=1%3A14.2-a.1&host=cyble.com&ref=&fcp=5943&rand=0.14020694374380271
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache
access-control-allow-origin: *
content-length: 50
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: image/gif
server: nginx

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
764 B 368ms
199ms XHR
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=5254356&time=1734072018341&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-li-pop: afd-prod-lva1-x
content-encoding: gzip
x-fs-uuid: 000629211aaf15044754f78d923b8c5f
x-msedge-ref: Ref A: B3D478086C1D4F57B9EAB81242C4696A Ref B: TLV30EDGE0422 Ref C: 2024-12-13T06:40:18Z
x-li-fabric: prod-lva1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYpIRqvFQRHVPeNkjuMXw==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1734072018341&li_adsId=fb4dfa55-7905-4dce-8b3f-cb2c3b9d8299&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1734072018341&li_adsId=fb4dfa55-7905-4dce-8b3f-cb2c3b9d8299&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D5254356%26time%3D1734072018341%26li_adsId%3Dfb4dfa55-7905-4dce-8b3f-cb2c3b9d8299%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1734072018341&li_adsId=fb4dfa55-7905-4dce-8b3f-cb2c3b9d8299&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-...

0
383 B

262ms
261ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1734072018341&li_adsId=fb4dfa55-7905-4dce-8b3f-cb2c3b9d8299&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&tm=gtmv2&cookiesTest=true&liSync=true
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 2A1D7F8841094C93B0CE19B63DEA3D18 Ref B: TLV30EDGE0407 Ref C: 2024-12-13T06:40:19Z
x-li-fabric: prod-lor1
x-li-uuid: AAYpIRq+MGi4Ls9/XdUaKw==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
cf-cache-status: DYNAMIC
x-li-fabric: prod-lor1
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-li-proto: http/1.1
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 13 Dec 2024 06:40:19 GMT
priority: u=3,i
x-frame-options: sameorigin
strict-transport-security: max-age=31536000
x-li-pop: cf-prod-lor1-x
content-security-policy: frame-ancestors 'self'
cache-control: no-cache, no-store
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5254356&time=1734072018341&li_adsId=fb4dfa55-7905-4dce-8b3f-cb2c3b9d8299&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&tm=gtmv2&cookiesTest=true&liSync=true
pragma: no-cache
cf-ray: 8f13f647feb0c231-TLV
x-li-uuid: AAYpIRq5sS4xoUDMa6Patg==
content-length: 0
server: cloudflare

GET
H3 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 82ms
82ms Script
application/javascript 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151606

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=1.0.0

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

785d3e9ea187b7242e1a4365a48c3fd95dd7a469245d24c6769b8d46c4ef4b81

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"7e91359b46e1da637080a03b759164fa"
age: 1363
expires: Mon, 16 Dec 2024 06:40:18 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
access-control-allow-headers: OneSignal-Subscription-Id
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: public, max-age=259200
via: 1.1 google
cf-ray: 8f13f642e838c22f-TLV
server: cloudflare

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 137ms
136ms Stylesheet
text/css 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: bc17aba2e2968927fbdbe26ede920ab0c8405778eaef52b009438a5fcf4ea4e6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6750e944-2644"
cdn-fileserver: 750
date: Fri, 13 Dec 2024 06:40:18 GMT
cdn-storageserver: DE-677
last-modified: Wed, 04 Dec 2024 23:44:04 GMT
content-type: text/css
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 12/04/2024 23:47:16
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: f890a607cacc0d6aed05675a14a3977d
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1081
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 b4m2ivdbe4eosyrui9pw Show response
api.omappapi.com/v2/embed/239265/ 5 KB
2 KB 511ms
275ms XHR
application/json 104.18.3.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/239265/b4m2ivdbe4eosyrui9pw
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d5c7c2797abbbe48649b55173916f86cfed738676336d6fd2938cee5d519591

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-user-agent: standard--
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"981e5e370bc308f97b7f82046125aa7b"
expires: Fri, 13 Dec 2024 06:26:36 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: PcEXFyJ8-MzobAe1RHbeXtlC-0F5JrDby90rSpsVUOmGlNHbLqvbXQ==
date: Fri, 13 Dec 2024 06:40:18 GMT
x-cache-config: 0 0
content-type: application/json
last-modified: Tue, 10 Dec 2024 06:44:24 GMT
vary: Accept-Encoding, User-Agent
access-control-allow-headers: X-CSRF-Token
x-cache-status: HIT
cache-control: public, max-age=30, stale-while-revalidate=1800
x-optinmonster-campaign: b4m2ivdbe4eosyrui9pw
via: 1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
cf-ray: 8f13f644bc799046-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA6-C1
server: cloudflare

GET
H2 200 wlravxmwms40sunr2q0v Show response
api.omappapi.com/v2/embed/239265/ 4 KB
2 KB 510ms
277ms XHR
application/json 104.18.3.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/239265/wlravxmwms40sunr2q0v
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aad5b86b7dbbe9b0a901b3f4ce7be4109bc670c591da4cc4b01d951e83263676

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-user-agent: standard--
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"80a4292c729103f02045f59959a6ad23"
expires: Fri, 13 Dec 2024 06:12:24 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: zrlbPzUTCd44db_ogHDQgU04CtS6obWS580601Yf1YejKf3iSBmbfA==
date: Fri, 13 Dec 2024 06:40:18 GMT
x-cache-config: 0 0
content-type: application/json
last-modified: Wed, 27 Nov 2024 06:07:04 GMT
vary: Accept-Encoding, User-Agent
access-control-allow-headers: X-CSRF-Token
x-cache-status: HIT
cache-control: public, max-age=30, stale-while-revalidate=1800
x-optinmonster-campaign: wlravxmwms40sunr2q0v
via: 1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront)
cf-ray: 8f13f644bc7a9046-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA6-C1
server: cloudflare

GET
H2 200 hrmi1wlyf5zkw7jqsfln Show response
api.omappapi.com/v2/embed/239265/ 4 KB
2 KB 506ms
276ms XHR
application/json 104.18.3.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/239265/hrmi1wlyf5zkw7jqsfln
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8483ea5c1d443e6c3e452a647ccba999dc81051a4ff29b9a7bbbc0aca869d4f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-user-agent: standard--
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"a1bf687a6e6d6d63ef024317cc9476cd"
expires: Fri, 13 Dec 2024 06:11:23 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: W3cJSOAjvA8eJxHIVV_Zud9oSgUgJ9nT8Az4v2dVHIsulyowaolZAQ==
date: Fri, 13 Dec 2024 06:40:18 GMT
x-cache-config: 0 0
content-type: application/json
last-modified: Tue, 20 Aug 2024 18:11:51 GMT
vary: Accept-Encoding, User-Agent
access-control-allow-headers: X-CSRF-Token
x-cache-status: HIT
cache-control: public, max-age=30, stale-while-revalidate=1800
x-optinmonster-campaign: hrmi1wlyf5zkw7jqsfln
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
cf-ray: 8f13f644bc7c9046-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA6-C1
server: cloudflare

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/ 5 KB
2 KB 352ms
128ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/?random=1734072018121&cv=11&fst=1734072018121&bg=ffffff&guid=ON&async=1&gtm=45je4cc0v9106873920z8868834701za201&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=1463438234.1734072017&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N9ZXY95EM4&l=dataLayer&cx=c&gtm=45He4cc0v868834701za200

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

0271a5a5028ea6ee2d842241e06007321236495835c2209c1dde309c91da3324

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2308
date: Fri, 13 Dec 2024 06:40:18 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 10996750928
td.doubleclick.net/td/rul/ Frame EB24 0
0 376ms
131ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/10996750928?random=1734072018121&cv=11&fst=1734072018121&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je4cc0v9106873920z8868834701za201&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=1463438234.1734072017&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-N9ZXY95EM4&l=dataLayer&cx=c&gtm=45He4cc0v868834701za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 597
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Dec 2024 06:40:18 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/ 5 KB
2 KB 332ms
136ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/?random=1734072018178&cv=11&fst=1734072018178&bg=ffffff&guid=ON&async=1&gtm=45be4cc0v9106873920z8868834701za200&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=1463438234.1734072017&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10996750928&l=dataLayer&cx=c&gtm=45He4cc0v868834701za200

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ba563163bac0499b6b7f1a9957224e49cea848a69604ce178a9d34cb46e0a132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2321
date: Fri, 13 Dec 2024 06:40:18 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 10996750928
td.doubleclick.net/td/rul/ Frame 8635 0
0 351ms
131ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/10996750928?random=1734072018178&cv=11&fst=1734072018178&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4cc0v9106873920z8868834701za200&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=1463438234.1734072017&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10996750928&l=dataLayer&cx=c&gtm=45He4cc0v868834701za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 598
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Dec 2024 06:40:18 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 iframe_content.html
x.adroll.com/pxl/ Frame EB7F 0
0 436ms
132ms Document
text/html 54.194.225.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://x.adroll.com/pxl/iframe_content.html?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&advertisable=ELNAF2EZDFHJRAP3ODLCUU
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.194.225.127 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-225-127.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
ad-auction-allowed: true
content-encoding: zstd
content-length: 427
content-type: text/html
date: Fri, 13 Dec 2024 06:40:18 GMT
last-modified: Thu, 12 Dec 2024 15:47:13 GMT

GET
H2 200 3BMTZYG7A5BPDP54WUQHR4 Show response
d.adroll.com/segment/ELNAF2EZDFHJRAP3ODLCUU/ 42 B
2 KB 263ms
227ms XHR
image/gif 46.51.197.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/segment/ELNAF2EZDFHJRAP3ODLCUU/3BMTZYG7A5BPDP54WUQHR4?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&cookie=&adroll_s_ref=&keyw=&p0=1573&adroll_external_data=&xa4=1&adroll_version=2.0
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.51.197.220 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-51-197-220.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-rule-type: p
access-control-expose-headers: X-Advertisable-Eid, X-Attribution-Url, X-Segment-Eid, X-Segment-Display-Name, X-Segment-Name, X-Conversion-Currency, X-Conversion-Value, X-Rule, X-Rule-Type, X-Organization-Eid, X-Pixel-Eid
x-organization-eid: N3DWPJG4RZHKTLUYF434YJ
access-control-allow-methods: GET
x-segment-eid: DXQVOHHPJJAJXGCB63B6XM
x-advertisable-eid: ELNAF2EZDFHJRAP3ODLCUU
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Fri, 13 Dec 2024 06:40:18 GMT
x-pixel-eid: 3BMTZYG7A5BPDP54WUQHR4
content-type: image/gif
x-attribution-url: https%3A%2F%2Fx.adroll.com%2Fattribution%2Ftrigger%3Ffpc%3D344d08935d5866e1fa0079e4b330b47f%26advertisable_eid%3DELNAF2EZDFHJRAP3ODLCUU%26conversion_type%3DPageView%26conversion_value%3D0.0%26currency%3DUSC%26flg%3D1%26pv%3D49594507509.348816%26arrfrr%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Fphishing-campaign-targeting-ukraine-uac-0215%252F
access-control-allow-headers: Content-Type, *
x-segment-display-name: Visitors to Unsegmented Pages
cache-control: no-store, no-cache, must-revalidate
access-control-request-methods: GET
pragma: no-cache
x-conversion-currency
access-control-allow-credentials: true
x-conversion-value: 0.0
access-control-allow-origin: https://cyble.com
x-segment-name: *
content-length: 42
server: nginx/1.22.1
x-rule: *

GET
H2

200

sync
x.bidswitch.net/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0...
https://x.bidswitch.net/sync?dsp_id=44&user_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY

43 B
183 B

3471ms
178ms

Image
image/gif

35.214.136.108
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=44&user_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 35.214.136.108 Groningen, Netherlands, ASN19527 (GOOGLE-2, US),
Reverse DNS: 108.136.214.35.bc.googleusercontent.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

via: 1.1 google
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
date: Fri, 13 Dec 2024 06:40:22 GMT
content-type: image/gif

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://x.bidswitch.net/sync?dsp_id=44&user_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY
content-length: 96
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Fri, 13 Dec 2024 06:40:18 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

utsync.ashx
ml314.com/
Redirect Chain

https://d.adroll.com/cm/bombora/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine...
https://ml314.com/utsync.ashx?et=0&eid=92980&fp=c6f30eee545a87737d8d9e5e1aa8cc66

43 B
294 B

373ms
149ms

Image
image/gif

34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/utsync.ashx?et=0&eid=92980&fp=c6f30eee545a87737d8d9e5e1aa8cc66
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
via: 1.1 google
expires: 0,Sat, 14 Dec 2024 06:40:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: image/gif
server: Google Frontend

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://ml314.com/utsync.ashx?et=0&eid=92980&fp=c6f30eee545a87737d8d9e5e1aa8cc66
content-length: 86
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Fri, 13 Dec 2024 06:40:18 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H3

200

receive
pixel.tapad.com/idsync/ex/
Redirect Chain

https://d.adroll.com/cm/experian/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukrain...
https://pixel.tapad.com/idsync/ex/receive?partner_id=3521&partner_device_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3521&partner_device_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=df08d7ed-2541-43e4-b0f3-3331ca39c69b%252C%252C&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=df08d7ed-2541-43e4-b0f3-3331ca39c69b%252C%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=9715676a-b52b-4830-a7b6-37aec943a0ec&ttd_puid=df08d7ed-2541-43e4-b0f3-3331ca39c69b%2C%2C

95 B
124 B

121ms
120ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=9715676a-b52b-4830-a7b6-37aec943a0ec&ttd_puid=df08d7ed-2541-43e4-b0f3-3331ca39c69b%2C%2C

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 95
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: image/png
server: Jetty(11.0.13)

Redirect headers

location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=9715676a-b52b-4830-a7b6-37aec943a0ec&ttd_puid=df08d7ed-2541-43e4-b0f3-3331ca39c69b%2C%2C
content-length: 359
date: Fri, 13 Dec 2024 06:40:19 GMT
server: Kestrel

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=xvMO7lRah3N9jZ5eGqjMZg
https://cm.g.doubleclick.net/pixel?google_sc=&google_nid=artb&google_hm=xvMO7lRah3N9jZ5eGqjMZg&google_tc=
https://d.adroll.com/cm/g/in

42 B
819 B

131ms
126ms

Image
image/gif

46.51.197.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 46.51.197.220 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-51-197-220.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-result: g.-1.-1.-1
content-length: 42
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: image/gif
server: nginx/1.22.1

Redirect headers

cache-control: no-cache, must-revalidate
location: https://d.adroll.com/cm/g/in
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 225
date: Fri, 13 Dec 2024 06:40:19 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H3

200

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-u...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&expiration=1765608018
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&expiration=1765608018&C=1

43 B
767 B

260ms
260ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&expiration=1765608018&C=1
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2B8xOkOTX%2FYkQkYjGJrUdKDpyQY3CfmMjypA9WocvcIWqbQnt%2BkNyXIKEYv0dtwmSitQYzmKwbFVmBn9IOVgts72VHfLrAFYAwB9Cpscuaow%2FSXsBb5yKqxT%2FoGViuqkxG5p0ZPvVdVe6A%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: image/gif
vary: Accept-Encoding
priority: u=3,i
cache-control: no-cache
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
cf-ray: 8f13f6476b06c224-TLV
content-length: 43
server: cloudflare

Redirect headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ci%2BvkosGjN%2FgJ2Y%2F5z2Dm6qOVIMP%2FlpqNAoSRoT8QPDndaxGYDD8cwlJhNbB9rWix3BliZ0z4ng85EKhiSH1GX2gsNfh4i3artMn%2B5BftT4pQp%2BWHBySpHGj3DgjPPW9bECQ7flSCNOrvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Fri, 13 Dec 2024 06:40:19 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: no-cache
location: /rum?cm_dsp_id=105&external_user_id=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&expiration=1765608018&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
cf-ray: 8f13f645c9bdc224-TLV
content-length: 0
server: cloudflare

GET
H2

200

sync
pippio.com/api/
Redirect Chain

https://d.adroll.com/cm/l/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0...
https://idsync.rlcdn.com/377928.gif?partner_uid=c6f30eee545a87737d8d9e5e1aa8cc66
https://idsync.rlcdn.com/1000.gif?memo=CMiIFxIrCicIARDqIhogYzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjYQABoNCNOt77oGEgUI6AcQAEIASgA
https://pippio.com/api/sync?pid=5324&it=1&iv=35b9964fd9d379e6cdb6364be3c2a073605b73b05cda7c6cd07b4a4bf353b221791426b5417dce21&_=2

42 B
570 B

376ms
229ms

Image
image/gif

107.178.254.65
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pippio.com/api/sync?pid=5324&it=1&iv=35b9964fd9d379e6cdb6364be3c2a073605b73b05cda7c6cd07b4a4bf353b221791426b5417dce21&_=2
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 107.178.254.65 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 65.254.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store
timing-allow-origin: *
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 42
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: image/gif

Redirect headers

cache-control: no-cache, no-store
timing-allow-origin: *
location: https://pippio.com/api/sync?pid=5324&it=1&iv=35b9964fd9d379e6cdb6364be3c2a073605b73b05cda7c6cd07b4a4bf353b221791426b5417dce21&_=2
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 0
date: Fri, 13 Dec 2024 06:40:19 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&expires=365

42 B
1 KB

7758ms
117ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&expires=365
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Pragma: no-cache
content-length: 42
Content-Type: image/gif

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&expires=365
content-length: 124
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Fri, 13 Dec 2024 06:40:18 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=c6f30eee545a87737d8d9e5e1aa8cc66&gdpr=0&gdpr_consent=
https://us-u.openx.net/w/1.0/sd?id=537103138&val=c6f30eee545a87737d8d9e5e1aa8cc66&gdpr=0&gdpr_consent=&cc=1

43 B
171 B

125ms
124ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537103138&val=c6f30eee545a87737d8d9e5e1aa8cc66&gdpr=0&gdpr_consent=&cc=1
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
x-forwarded-for: 31.187.78.174
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Fri, 13 Dec 2024 06:40:22 GMT
content-type: image/gif
vary: Accept

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537103138&val=c6f30eee545a87737d8d9e5e1aa8cc66&gdpr=0&gdpr_consent=&cc=1
x-forwarded-for: 31.187.78.174
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Fri, 13 Dec 2024 06:40:21 GMT
content-type: text/plain; charset=utf-8
vary: Origin

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukrain...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&gdpr=0&gdpr_consent=&us_privacy=1---

0
360 B

622ms
196ms

Image
text/plain

64.202.112.127
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.outbrain.com/cookie-sync?p=adroll&uid=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&gdpr=0&gdpr_consent=&us_privacy=1---

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

HTTP/1.1

Server

64.202.112.127 , United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
content-length: 0
date: Fri, 13 Dec 2024 06:40:19 GMT
x-traceid: 8ce57003831f06d7488385904a74a72f

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&gdpr=0&gdpr_consent=&us_privacy=1---
content-length: 137
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Fri, 13 Dec 2024 06:40:18 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

Pug
image2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukrain...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXy...

42 B
587 B

7728ms
170ms

Image
image/gif

198.47.127.205
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 198.47.127.205 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-store, no-cache, private
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Fri, 13 Dec 2024 06:40:25 GMT
content-type: image/gif; charset=utf-8
server: nginx

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
content-length: 212
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Fri, 13 Dec 2024 06:40:18 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY

0
366 B

3452ms
179ms

Image
text/plain

141.226.228.48
TABOOLA-AS Tabool...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS Taboola.com ltd, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-fastly-to-nlb-rtt: 58093
date: Fri, 13 Dec 2024 06:40:22 GMT
server: nginx
access-control-allow-credentials: true

Redirect headers

cache-control: no-store, no-cache, must-revalidate
location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY
content-length: 111
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Fri, 13 Dec 2024 06:40:18 GMT
pragma: no-cache
server: nginx/1.22.1

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukra...
https://eb2.3lift.com/xuid?mid=4714&xuid=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=

37 B
474 B

123ms
123ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Fri, 13 Dec 2024 06:40:22 GMT
content-type: image/gif

Redirect headers

cache-control: no-cache, no-store, must-revalidate
location: /xuid?ld=1&mid=4714&xuid=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Fri, 13 Dec 2024 06:40:22 GMT

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0...
https://ib.adnxs.com/setuid?entity=172&code=YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY

43 B
1 KB

113ms
113ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 31.187.78.174; 31.187.78.174; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: ab503519-d94c-4736-af6f-904fc8185ef4
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 13 Dec 2024 06:40:19 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.23.4

Redirect headers

cache-control: no-store, no-cache, private
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 31.187.78.174; 31.187.78.174; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: bb3eb15c-6014-4d9d-97d7-32853a6081dc
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 13 Dec 2024 06:40:19 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.23.4

GET
H3 200 /
www.facebook.com/tr/ 0
19 B 511ms
149ms Image
text/plain 157.240.0.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1126903675356441&ev=PageView&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&rl=&if=false&ts=1734072018517&sw=1600&sh=1200&v=2.9.178&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1734072018512.212462522265885243&ler=empty&cdl=API_unavailable&it=1734072017992&coo=false&tm=1&rqm=GET

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=122, rtx=4, c=4, mss=1232, tbw=9833, tp=17, tpl=4, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
196 B 670ms
308ms Image
image/png 157.240.0.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1126903675356441&ev=PageView&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&rl=&if=false&ts=1734072018517&sw=1600&sh=1200&v=2.9.178&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1734072018512.212462522265885243&ler=empty&cdl=API_unavailable&it=1734072017992&coo=false&tm=1&rqm=FGET

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-fra3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7447782611276077003"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: llkln01vivsBqJowCSO6p63Dl+L4HBqTT8fns367vrkTQSF/9b88Jmp7JsSazEipqAGWOeZQC3lTTfnIbCO0cQ==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7447782611276077003", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=124, rtx=4, c=25, mss=1232, tbw=10201, tp=20, tpl=4, uplat=177, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

OPTIONS
H2 200 router_settings
app.apollo.io/api/v1/meetings/inbound_router/guest_inbound_router/ Frame 0
0 404ms
235ms Preflight 104.20.40.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.apollo.io/api/v1/meetings/inbound_router/guest_inbound_router/router_settings?scheduling_link=7ml-tc5-dnw&app_id=672ca643f7912901b0c6f7e0&x-app-id=672ca643f7912901b0c6f7e0&cacheKey=1734072018644
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.40.213 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-origin: https://cyble.com
access-control-expose-headers: x-app-id
access-control-max-age: 7200
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 8f13f645da60c22c-TLV
content-length: 0
date: Fri, 13 Dec 2024 06:40:19 GMT
server: cloudflare
status: 200 OK
via: 1.1 google

GET
H2 200 router_settings Show response
app.apollo.io/api/v1/meetings/inbound_router/guest_inbound_router/ 199 B
1 KB 250ms
246ms Fetch
application/json 104.20.40.213
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.apollo.io/api/v1/meetings/inbound_router/guest_inbound_router/router_settings?scheduling_link=7ml-tc5-dnw&app_id=672ca643f7912901b0c6f7e0&x-app-id=672ca643f7912901b0c6f7e0&cacheKey=1734072018644

Requested by

Host: assets.apollo.io
URL: https://assets.apollo.io/js/meetings/meetings-widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.40.213 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08c64f6559fe33c85a5dc61c9f23ad8b570fcc79dd27704a4ef9ed9c26b7faf6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn .salesforce.com .lightning.force.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-transaction-id: 1fb3bd0a655661d4c009923b1447015b
access-control-max-age: 7200
access-control-expose-headers: x-app-id
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"08c64f6559fe33c85a5dc61c9f23ad8b"
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
x-content-type-options: nosniff
status: 200 OK
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding, Accept-Encoding, Origin
x-frame-options: ALLOWALL
strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn *.salesforce.com *.lightning.force.com
cache-control: max-age=0, private, must-revalidate
via: 1.1 google
cf-ray: 8f13f6475c23c22c-TLV
access-control-allow-origin: https://cyble.com
server: cloudflare

GET wp-emoji-release.min.js
cyble.com/wp-includes/js/ 0
0

GET /
cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/ 0
0

GET
H2 200 widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame A21F 0
0 365ms
113ms Document
text/html 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fcyble.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105429
content-type: text/html; charset=utf-8
date: Fri, 13 Dec 2024 06:40:19 GMT
etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
last-modified: Mon, 11 Dec 2023 17:19:49 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-served-by: cache-iad-kiad7000164-IAD, cache-fra-etou8220024-FRA

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 249ms
239ms Preflight
text/plain 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.19270&mobile=false&messagesUtk=1eab554fde8843958f1c516b9d4d552d&traceId=1eab554fde8843958f1c516b9d4d552d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://cyble.com
allow: HEAD,GET,OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 8f13f6454f5e7da1-TLV
content-length: 18
content-type: text/plain; charset=utf-8
date: Fri, 13 Dec 2024 06:40:18 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=doocwwnPRPVcmlHp02m8kBj3IhDmEEBacsjpe9YgTVP026z%2B07sE0D5njNmeRr%2Fo9wUKsB%2BP6axhEJ5FAZu0mX53Kvc0GeK1vavhSdnKsmx6XL%2F38%2BmHiVnyyjfv1oWVCg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-hubspot-correlation-id: 25814499-092b-46f8-8143-ae4627b5dcd2

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
2 KB 319ms
318ms XHR
application/json 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54e870db4fc3846619d5d0c5c7a5f5d686e4765ac6ffdb815b1354419b8ccd9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
X-HubSpot-Messages-Uri: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fj1KZImwiuLMhdE8G2HU9uKWKns7Cehf%2F5NFZSakIAvI7VM0U5Vysng4ooKLxCTrRFW%2FlHFOG6RletIYon5s118DurZb4paxYZ%2BXKbqkBHJ2s%2FjeLuNSTM%2BlO2OoLwFmrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 06:40:19 GMT
x-hubspot-correlation-id: 1cbcfef8-b370-46eb-93fd-983a424cff88
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8f13f646c8d37da1-TLV
access-control-allow-origin: https://cyble.com
content-length: 1384
server: cloudflare

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 117 B
990 B 386ms
223ms XHR
application/json 104.18.242.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=21289959

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.242.108 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc1aaece65e52f7c2678d2b2699182f51ad003a41780a70f985cace566743912

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gvuMzGwi6ZNogUQ%2B6dc2%2BskLd6a9Rb1MoDAfnxvkFOes11KDL2UE4anOevu5AY55PgDWJC8acJe3k6TMl1%2Fo35x2Z%2F2rU4aIgjnm0mAs1yh9WRRge3hUu4nO3LX%2FTQVI"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 06:40:19 GMT
x-hubspot-correlation-id: 37191093-1855-474b-b631-a1b7a40887d4
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8f13f6464adfc227-TLV
access-control-allow-origin: https://cyble.com
server: cloudflare

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 61 B
1 KB 252ms
238ms Fetch
application/json 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=21289959&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: fc92eed0-fcfa-48cf-844a-c8835e45a53b
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rsGmn2Woj5jv%2F6Sywgt2%2BA1gtzj6J6YZ6f%2BLY8FXUF7%2Bgt7WIjd87umlFil4g%2Fnbs%2BUqY7gIH0nXK25qoYNLzWGC%2Fx%2BDPzTIPMn8yH5pZsmKM2ScE99WQLHRssO4MPRMYsrbwNV4cyRcjrurSsk%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Fri, 13 Dec 2024 06:40:18 GMT
x-hubspot-correlation-id: fc92eed0-fcfa-48cf-844a-c8835e45a53b
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-6w44x
x-envoy-upstream-service-time: 8
access-control-allow-credentials: true
cf-ray: 8f13f6459fa67da1-TLV
access-control-allow-origin: https://cyble.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 88 KB
28 KB 176ms
175ms Script
text/javascript 18.245.86.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.86.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-86-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 84de47ed6481524074cd5e375bb773f01b59fa6452539b3b60cdb916914ca0e1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Access-Control-Max-Age: 600
Content-Encoding: gzip
X-Amz-Version-Id: XRapE5DFdXRGc5myIfsDq4zGHQVtai2E
Etag: W/"792eca3181a87960d692c005437f63e0"
Age: 3597
Access-Control-Allow-Methods: GET
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 4KjNVxkqsT3hcgBVB0T2muDc8xnIH8NPwubgV1iihCnlhxqDdDcVew==
Date: Fri, 13 Dec 2024 05:40:22 GMT
Content-Type: text/javascript
Vary: accept-encoding
Last-Modified: Tue, 15 Oct 2024 15:51:52 GMT
Access-Control-Allow-Headers: *
Transfer-Encoding: chunked
Cache-Control: max-age=3600, must-revalidate
Connection: keep-alive
Access-Control-Allow-Credentials: false
Via: 1.1 fca814089bc9a82fba87ce0548f9f358.cloudfront.net (CloudFront)
Access-Control-Allow-Origin: *
X-Amz-Cf-Pop: FRA60-P6
Server: AmazonS3
X-Amz-Server-Side-Encryption: AES256

GET
H2 200 tags.js Show response
tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/ 16 KB
5 KB 777ms
275ms Script
application/javascript 13.32.121.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-20.fra60.r.cloudfront.net

Software

Clearbit /

Resource Hash

9e907e949bce3cec0efeaf4b707c2d5b1363467b174fced0e54fae1d501c36ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: private, max-age=600
content-encoding: gzip
etag: W/"9bd0e6149c66576fdc7ae464697b7327"
x-envoy-response-flags: -
x-content-type-options: nosniff
via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-id: _5S02_8kuLcIdO-U6bsfUoytRkCFAik0fE7TtAz3ZZ1I00T23v7LYA==
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
server: Clearbit
x-amz-cf-pop: FRA60-P1

GET dialog.min.js
cyble.com/wp-content/plugins/elementor/assets/lib/dialog/ 0
0

POST
H2 200 3BMTZYG7A5BPDP54WUQHR4
d.adroll.com/onp/ELNAF2EZDFHJRAP3ODLCUU/ 42 B
819 B 205ms
204ms Ping
image/gif 46.51.197.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/onp/ELNAF2EZDFHJRAP3ODLCUU/3BMTZYG7A5BPDP54WUQHR4?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&ev=f%3D1105%26ft%3Dpreconsent
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.51.197.220 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-51-197-220.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-advertisable-eid: ELNAF2EZDFHJRAP3ODLCUU
content-length: 42
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: image/gif
server: nginx/1.22.1

POST
H2 200 3BMTZYG7A5BPDP54WUQHR4
d.adroll.com/onp/ELNAF2EZDFHJRAP3ODLCUU/ 42 B
819 B 205ms
205ms Ping
image/gif 46.51.197.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/onp/ELNAF2EZDFHJRAP3ODLCUU/3BMTZYG7A5BPDP54WUQHR4?adroll_fpc=344d08935d5866e1fa0079e4b330b47f-1734072018439&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&ev=f%3D-813%26ft%3Dprepixel
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.51.197.220 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-51-197-220.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-advertisable-eid: ELNAF2EZDFHJRAP3ODLCUU
content-length: 42
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Fri, 13 Dec 2024 06:40:18 GMT
content-type: image/gif
server: nginx/1.22.1

GET
H2 200 trigger
x.adroll.com/attribution/ 2 B
468 B 3465ms
185ms Image
text/plain 54.194.202.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.adroll.com/attribution/trigger?fpc=344d08935d5866e1fa0079e4b330b47f&advertisable_eid=ELNAF2EZDFHJRAP3ODLCUU&conversion_type=PageView&conversion_value=0.0&currency=USC&flg=1&pv=49594507509.348816&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.194.202.214 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-202-214.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-length: 2
date: Fri, 13 Dec 2024 06:40:22 GMT
attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0","priority":"0","deduplication_key":"8987376535742817430","filters":{"source_type":["event"]}},{"trigger_data":"0","priority":"0","deduplication_key":"8987376535742817430","filters":{"source_type":["navigation"]}}],"debug_key":"12086720327927426646","debug_reporting":true,"filters":{"0":["ELNAF2EZDFHJRAP3ODLCUU"]}}
content-type: text/plain; charset=utf-8

GET
H3 200 web Show response
onesignal.com/api/v1/sync/7db38cff-5077-441d-81cd-10e2ee603557/ 3 KB
2 KB 213ms
139ms Script
text/javascript 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/7db38cff-5077-441d-81cd-10e2ee603557/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151606

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78d446715d4b7fc7e8896c8f84aa1b5922c04ede92ff1551c45b7c29a76a0247

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-request-id: 7d55d830-511d-46f6-b705-8a5ed5d54693
content-encoding: br
cf-cache-status: HIT
etag: W/"78d446715d4b7fc7e8896c8f84aa1b59"
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
expires: Fri, 13 Dec 2024 07:40:19 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: text/javascript; charset=utf-8
vary: Origin, Accept-Encoding
x-runtime: 0.033488
priority: u=3,i=?0
access-control-allow-headers: SDK-Version
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: public, max-age=3600
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
via: 1.1 google
cf-ray: 8f13f646cb54c21f-TLV
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 200 share-buttons.63d984f8c96d1e053bc0.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 2 KB
1 KB 121ms
120ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/share-buttons.63d984f8c96d1e053bc0.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.25.5

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

222671695c39932625f7de419d583857d59db5e23a07c46f0b4df9c4cecdea42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
content-encoding: br
etag: W/"6744c8b8-629"
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 18:58:04 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:18 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:58:00 GMT
server: nginx
vary: Accept-Encoding

GET load-more.8b46f464e573feab5dd7.bundle.min.js
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 0
0

GET posts.aec59265318492b89cb5.bundle.min.js
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 0
0

GET
H3 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 1 KB
983 B 113ms
110ms Script
application/javascript 192.0.78.152
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.25.11

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.152 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8639604f6b9525e4e14c0dec40129920dc99d2ce640ccd0d5906a142ddd0e248

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=31536000
content-encoding: br
etag: W/"6744c8b0-550"
access-control-allow-methods: GET, HEAD
expires: Wed, 10 Dec 2025 18:58:04 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 06:40:19 GMT
x-ac: 2.hhn _atomic_ams HIT
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 18:57:52 GMT
server: nginx
vary: Accept-Encoding

GET
H3 200 FollowCompany.js Show response
www.linkedin.com/pages-extensions/ 1 KB
2 KB 433ms
311ms Script
application/javascript 172.64.146.215
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.linkedin.com/pages-extensions/FollowCompany.js?version=0.1.176

Requested by

Host: platform.linkedin.com
URL: https://platform.linkedin.com/in.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.146.215 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

275fb4a7bdeab3c59caff1c0ea88bf1adc9f4cfc377a9bec7b28517d13e2fd37

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .licdn.com .linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ .microsoft.com; script-src 'report-sample' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q='; img-src data: blob: android-webview-video-poster: ; font-src data: ; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src .licdn.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' .licdn.com lnkd.demdex.net www.youtube-nocookie.com player.vimeo.com; frame-ancestors ; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gnf
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: "b640f66b448ca91ee07b41f0eba9ddb2c35d30df"
x-li-fabric: prod-lor1
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-li-proto: http/1.1
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 01 Feb 1980 00:00:00 GMT
priority: u=3,i=?0
strict-transport-security: max-age=31536000
x-li-pop: cf-prod-lor1-x
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com; script-src 'report-sample' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q='; img-src data: blob: android-webview-video-poster: *; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src *.licdn.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' *.licdn.com lnkd.demdex.net www.youtube-nocookie.com player.vimeo.com; frame-ancestors *; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gnf
cache-control: no-cache, no-store
pragma: no-cache
cf-ray: 8f13f647feb2c231-TLV
x-li-uuid: AAYpIRq5yqu7bwWEdeKtOQ==
accept-ranges: bytes
content-length: 487
server: cloudflare

GET
H3 200 /
www.google.com/pagead/1p-user-list/10996750928/ 42 B
64 B 131ms
129ms Image
image/gif 142.250.184.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10996750928/?random=1734072018121&cv=11&fst=1734069600000&bg=ffffff&guid=ON&async=1&gtm=45je4cc0v9106873920z8868834701za201&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=1463438234.1734072017&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dl-GcsUFzfKZU4QyW3Z9G-ztjyFOYsA&random=2250734387&rmt_tld=0&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.228 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 13 Dec 2024 06:40:19 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 /
www.google.co.il/pagead/1p-user-list/10996750928/ 42 B
455 B 7624ms
182ms Image
image/gif 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/pagead/1p-user-list/10996750928/?random=1734072018121&cv=11&fst=1734069600000&bg=ffffff&guid=ON&async=1&gtm=45je4cc0v9106873920z8868834701za201&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=1463438234.1734072017&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dl-GcsUFzfKZU4QyW3Z9G-ztjyFOYsA&random=2250734387&rmt_tld=1&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 13 Dec 2024 06:40:26 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/10996750928/ 42 B
64 B 127ms
125ms Image
image/gif 142.250.184.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10996750928/?random=1734072018178&cv=11&fst=1734069600000&bg=ffffff&guid=ON&async=1&gtm=45be4cc0v9106873920z8868834701za200&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=1463438234.1734072017&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7djLAaVNQtQUzEaxqjZXpEC6RPWIuhQA&random=3038184471&rmt_tld=0&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.228 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 13 Dec 2024 06:40:19 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 /
www.google.co.il/pagead/1p-user-list/10996750928/ 42 B
108 B 7626ms
184ms Image
image/gif 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/pagead/1p-user-list/10996750928/?random=1734072018178&cv=11&fst=1734069600000&bg=ffffff&guid=ON&async=1&gtm=45be4cc0v9106873920z8868834701za200&gcd=13l3l3l3l1l1&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&hn=www.googleadservices.com&frm=0&tiba=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&npa=0&pscdl=noapi&auid=1463438234.1734072017&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7djLAaVNQtQUzEaxqjZXpEC6RPWIuhQA&random=3038184471&rmt_tld=1&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 13 Dec 2024 06:40:26 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 5.8d87cdc9.min.js Show response
a.omappapi.com/app/js/ 13 KB
5 KB 139ms
131ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/5.8d87cdc9.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 7d5c91bba288f8d52bece6eb27a646578f0c935f8890f9f1fb5349060c7ce77b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "673cdbfa-355f"
cdn-fileserver: 728
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-677
last-modified: Tue, 19 Nov 2024 18:42:02 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/28/2024 20:29:55
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 2d2def6fdcd6aaf0c2a1bd273d16fbcc
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

POST
H/1.1 204
No Content collect Show response
j.clarity.ms/ 0
273 B 1492ms
196ms XHR
text/plain 52.184.215.111
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.58/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.215.111 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
Access-Control-Allow-Origin: https://cyble.com
Date: Fri, 13 Dec 2024 06:40:20 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
959 B 357ms
265ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-robots-tag: none
x-request-id: 4d9a6f2d-4e0a-47de-b1c9-0c34092f9c7d
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Fri, 13 Dec 2024 06:40:19 GMT
x-hubspot-correlation-id: 4d9a6f2d-4e0a-47de-b1c9-0c34092f9c7d
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Fri, 13 Dec 2024 06:40:19 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-wmgk9
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8f13f647febac21d-TLV
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET share-link.min.js
cyble.com/wp-content/plugins/elementor/assets/lib/share-link/ 0
0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 434 KB
137 KB 140ms
139ms Script
application/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10996750928

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

fa0a800e4f12cf06e7c477d5eb466532315003015624f253ca451fe3d6fc6596

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 13 Dec 2024 06:40:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 140201
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 188ms
187ms Stylesheet
text/css 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151606

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
age: 2393
expires: Sun, 12 Jan 2025 06:40:19 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: text/css
vary: Accept-Encoding
priority: u=0,i=?0
access-control-allow-headers: OneSignal-Subscription-Id
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: public, max-age=2592000
via: 1.1 google
cf-ray: 8f13f647ecb1c21f-TLV
server: cloudflare

GET
H2 200 4.c2eb0e91.min.js Show response
a.omappapi.com/app/js/ 44 KB
13 KB 133ms
133ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/4.c2eb0e91.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 3570909efe317eb6fcd6de84ddbdbd2ba89238bab48ddeaaeffe433da3319de4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6750e944-af44"
cdn-fileserver: 750
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-636
last-modified: Wed, 04 Dec 2024 23:44:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 12/08/2024 23:01:14
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: cbae6df503ae7aa9ca6c40227a22e3a8
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 1eab554fde8843958f1c516b9d4d552d
app.hubspot.com/conversations-visitor/21289959/threads/utk/ Frame 3DD7 0
0 801ms
403ms Document
text/html 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/21289959/threads/utk/1eab554fde8843958f1c516b9d4d552d?uuid=2f67066be91e45ff962b8ed6e5789595&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=1eab554fde8843958f1c516b9d4d552d&url=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false&hideScrollToButton=true&isIOSMobile=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
age: 3415
cache-control: max-age=600
cache-tag: staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
cf-ray: 8f13f64b5fe0c22c-TLV
content-encoding: gzip
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.21717/html/index.html&cfRay=8f13f64b5fe0c22c&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F21289959%2Fthreads%2Futk%2F1eab554fde8843958f1c516b9d4d552d%3Fuuid%3D2f67066be91e45ff962b8ed6e5789595%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3D%26domain%3Dcyble.com%26inApp53%3Dfalse%26messagesUtk%3D1eab554fde8843958f1c516b9d4d552d%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Fphishing-campaign-targeting-ukraine-uac-0215%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3D%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dtrue%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse%26hideScrollToButton%3Dtrue%26isIOSMobile%3Dfalse&referrer=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&cfenv=prod&pdt=2024-12-13&csp=ro
content-type: text/html; charset=utf-8
date: Fri, 13 Dec 2024 06:40:20 GMT
etag: W/"8a583912ae157e7e08fba9b588943390"
last-modified: Thu, 12 Dec 2024 15:51:04 UTC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8f13f64b5fe0c22c&resource=conversations-visitor-ui/static-1.21717/html/index.html"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
via: 1.1 73c5607bdb5db0d651e25c848846d554.cloudfront.net (CloudFront)
x-amz-cf-id: Uki4s8GLWyROVM_EWzFspFpTo6Rhch5othXAsOG9xz7EJEGV74P6PA==
x-amz-cf-pop: IAD12-P3
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: 0Pv4FeN7NqwNyDE.rGzH3.SlbELIQQS_
x-cache: Hit from cloudfront
x-content-type-options: no-sniff
x-envoy-upstream-service-time: 5
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-4wq5t
x-evy-trace-virtual-host: all
x-hs-cache-status: MISS
x-hs-target-asset: conversations-visitor-ui/static-1.21717/html/index.html
x-hs-worker-debug-mode: false
x-hubspot-correlation-id: bc666453-3367-4b55-b3b0-7f78e9d2fde1
x-request-id: bc666453-3367-4b55-b3b0-7f78e9d2fde1

GET
H2 200 20.ffcf301b.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 120ms
120ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/20.ffcf301b.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: d945db3b417b4db19cba8309582dd7f333976336f0d62bc682e662a8848fe4ee

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6750e94d-c4f"
cdn-fileserver: 750
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-632
last-modified: Wed, 04 Dec 2024 23:44:13 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 12/08/2024 18:16:14
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 7c6181222be8f16cfe238a81e4060ba8
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1081
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 17.87b0f6e9.min.js Show response
a.omappapi.com/app/js/ 458 B
1 KB 121ms
121ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/17.87b0f6e9.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 284b0facae6132d66280225e6562ce6f8442656568dbb12123094de6433022dc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc95-1ca"
cdn-fileserver: 728
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-633
last-modified: Thu, 03 Oct 2024 20:20:37 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/25/2024 18:49:39
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: bc9bc51dc2d2b6f325b02547ff6dfab7
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H3 200 icon Show response
onesignal.com/api/v1/apps/7db38cff-5077-441d-81cd-10e2ee603557/ 256 B
825 B 172ms
171ms Fetch
application/json 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/apps/7db38cff-5077-441d-81cd-10e2ee603557/icon

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151606

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0d7310be48b4f4fc33d69c4debdc93c879a9541d61be8f2347c94a77fac19b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-request-id: d011f3d7-8c63-448c-97f0-876b5929cf84
content-encoding: br
cf-cache-status: REVALIDATED
etag: W/"a0d7310be48b4f4fc33d69c4debdc93c"
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: application/json; charset=utf-8
vary: Accept, Origin, Accept-Encoding
x-runtime: 0.014463
priority: u=1,i
access-control-allow-headers: SDK-Version
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: max-age=0, private, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
via: 1.1 google
cf-ray: 8f13f649bff5c21d-TLV
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET FollowCompany
www.linkedin.com/pages-extensions/ Frame 6C1E 0
0

GET
H3 200 FollowCompany
www.linkedin.com/pages-extensions/ Frame 864B 0
0 446ms
330ms Document
text/html 172.64.146.215
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.linkedin.com/pages-extensions/FollowCompany?id=14707748&counter=&xdOrigin=https%3A%2F%2Fcyble.com&xdChannel=c6cb812a-6e06-4646-8760-fe7f7f330b38&xd_origin_host=https%3A%2F%2Fcyble.com

Requested by

Host: platform.linkedin.com
URL: https://platform.linkedin.com/in.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.146.215 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .licdn.com .linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ .microsoft.com; script-src 'report-sample' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q='; img-src data: blob: android-webview-video-poster: ; font-src data: ; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src .licdn.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' .licdn.com lnkd.demdex.net www.youtube-nocookie.com player.vimeo.com; frame-ancestors ; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gnf
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8f13f64adf28c21f-TLV
content-encoding: gzip
content-length: 814
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com; script-src 'report-sample' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q='; img-src data: blob: android-webview-video-poster: *; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src *.licdn.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' *.licdn.com lnkd.demdex.net www.youtube-nocookie.com player.vimeo.com; frame-ancestors *; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gnf
content-type: text/html; charset=utf-8
date: Fri, 13 Dec 2024 06:40:19 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
priority: u=0,i
server: cloudflare
server-timing: cfExtPri
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-li-fabric: prod-lor1
x-li-pop: cf-prod-lor1-x
x-li-proto: http/1.1
x-li-uuid: AAYpIRrAuyomwg/lVzqjtw==

GET
H2 200 19.29995104.min.js Show response
a.omappapi.com/app/js/ 4 KB
2 KB 125ms
115ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/19.29995104.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 347f04555337c884b83cc6ee9c57ed53f2d9dc61b9a5a7e638dc562d6ef6a4e0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "c4f590b097d6c1b7b64f6fae4032b013"
date: Fri, 13 Dec 2024 06:40:19 GMT
last-modified: Wed, 04 Dec 2024 23:43:55 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: f6Hm9HIM6B3ramHRgF5VB35K0MfEOBpOxms/CsluI7BOpJzs1SWlyV1Td3oZUVRLwukWDRmXYvo=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 1
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: b153e5df6aa751c7e4c25a03bea30d6a
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: SYJQ6R2THTEMV3EQ
access-control-allow-origin: *
cdn-cachedat: 12/04/2024 23:44:03
cdn-edgestorageid: 1080
perma-cache: MISS
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 27.78befebd.min.js Show response
a.omappapi.com/app/js/ 6 KB
2 KB 127ms
117ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/27.78befebd.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: b536245d5d1912397f06964694ae416b45a26a3bc39021850852c647bee46bab

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc81-174f"
cdn-fileserver: 861
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-634
last-modified: Thu, 03 Oct 2024 20:20:17 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/20/2024 16:53:16
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 1082d0530d21d90e8e932e11df8ea24b
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1081
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 33.db83743a.min.js Show response
a.omappapi.com/app/js/ 34 KB
9 KB 152ms
143ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/33.db83743a.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: eff50ee97749192a01ffbe5c7d7b3b88d11cc53dcbd6d659b22b37e8cc0754d7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6728ef64-878e"
cdn-fileserver: 587
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-51
last-modified: Mon, 04 Nov 2024 15:59:32 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/26/2024 16:43:25
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: e006a9cf37b1865e7e7ac90fef0c8f69
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 10.f3e1fec4.min.js Show response
a.omappapi.com/app/js/ 31 KB
10 KB 138ms
130ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/10.f3e1fec4.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 46be8975c077af9ee628b95903df417598a0df10350acb20e678ab3fe9a54f36

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "673cdbfb-7cf4"
cdn-fileserver: 861
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-633
last-modified: Tue, 19 Nov 2024 18:42:03 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/30/2024 16:08:30
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 512d2ba6645c14ec0d177ca8ff230b6e
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 0.97289c7b.min.js Show response
a.omappapi.com/app/js/ 7 KB
3 KB 155ms
147ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/0.97289c7b.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 54adf4588038aa406ce898380a589e4afb4bd8c3b4d152461e1b4641a7443fba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6750e944-1a9f"
cdn-fileserver: 818
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-636
last-modified: Wed, 04 Dec 2024 23:44:04 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 12/10/2024 07:26:18
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 3e3128c49ce3d214fb53bc04efbaceb6
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1082
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 9.b36e2a05.min.js Show response
a.omappapi.com/app/js/ 2 KB
1 KB 157ms
149ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/9.b36e2a05.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: f14b33b9d5a249b41c2c3ab1065df21780f8d7d681c6a745244848dff1845c58

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc88-650"
cdn-fileserver: 861
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-588
last-modified: Thu, 03 Oct 2024 20:20:24 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 12/03/2024 16:12:18
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 3d0f543c9e326b757a9e43b5289ef927
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1081
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 11.c5ec45ff.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 161ms
154ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/11.c5ec45ff.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 39dd4eedf59461aa0bb42f57f4663d3b3224f5efcdf95f7e571e829aae135905

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc89-838"
cdn-fileserver: 728
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-636
last-modified: Thu, 03 Oct 2024 20:20:25 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 12/10/2024 22:02:19
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: a0a2ef8aae18116959908937e0cdfa72
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 28.22ee4263.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 163ms
156ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/28.22ee4263.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 071277a837bd15a2c626377ff352570603ae3edc5e279a1af896514f3737f535

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "606e4fcc663cab0b54ecfbc5b2b0bb65"
date: Fri, 13 Dec 2024 06:40:19 GMT
last-modified: Wed, 04 Dec 2024 23:43:55 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: iVZVhLyWrEPG9XhWEhlXHXXeH7ehnooatbw6s4K0TC9HZppRANILy2xVkl7GfVS3tkphDcLOxMY=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 217e75122b06d1e997e60aa0af9e2ef3
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: SYJXEBP5K9ANGDPN
access-control-allow-origin: *
cdn-cachedat: 12/04/2024 23:44:03
cdn-edgestorageid: 1080
perma-cache: MISS
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 26.6128bd2e.min.js Show response
a.omappapi.com/app/js/ 1 KB
1 KB 165ms
158ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/26.6128bd2e.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 7c345c812c6c32c007d7fe0f4968df8f847ea5006e76c8633da70d446b1936a5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc81-4e1"
cdn-fileserver: 588
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-676
last-modified: Thu, 03 Oct 2024 20:20:17 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/30/2024 09:48:45
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 22760f8497ef1ca80c065c701bbc6900
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 16.d9461827.min.js Show response
a.omappapi.com/app/js/ 830 B
1 KB 157ms
151ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/16.d9461827.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 140eedc23b5929c1bb8a74d021936779b48156ccb5445431659d656f8aa104cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc7e-33e"
cdn-fileserver: 817
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-635
last-modified: Thu, 03 Oct 2024 20:20:14 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 12/13/2024 06:39:24
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 43d706e6b2bab11efa8e40432b6adaf9
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 1.05facc5e.min.js Show response
a.omappapi.com/app/js/ 9 KB
3 KB 191ms
184ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/1.05facc5e.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 4d4650ca007326deb6524524b7074dd677a0026d75ad55f56df7698a136d9034

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-amz-server-side-encryption: AES256
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "42d9c13071599c41bda2c3602de63bac"
date: Fri, 13 Dec 2024 06:40:19 GMT
last-modified: Wed, 04 Dec 2024 23:43:55 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
x-amz-id-2: qmYwbJbBFU8g2Sf4fGAMjAgRm/jIu86IIegMjZk70xefHR3yvDCKJVO9r0xVH3N8E6kbm5Rr9IiVqf3sa70OyIujTHX+vszQ9oUafslPHxI=
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: c190daaa6317046d843574d27e7dd79b
cdn-pullzone: 293267
cdn-proxyver: 1.06
x-amz-request-id: SYJSGHDA4C0FVP8M
access-control-allow-origin: *
cdn-cachedat: 12/04/2024 23:44:03
cdn-edgestorageid: 1079
perma-cache: MISS
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 21.8fe2e52f.min.js Show response
a.omappapi.com/app/js/ 2 KB
1 KB 186ms
180ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/21.8fe2e52f.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: e92b5c4af8c5c6115f09955c6aa8577a45c65effe782e0593540f09177f69a29

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc88-65a"
cdn-fileserver: 817
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-638
last-modified: Thu, 03 Oct 2024 20:20:24 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/30/2024 09:48:45
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 0d87fffdd9093fe5d7aa5dcf055252b2
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1079
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 22.9cb0da1f.min.js Show response
a.omappapi.com/app/js/ 948 B
1 KB 186ms
180ms Script
application/javascript 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/22.9cb0da1f.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 57533e961bdaf5ffaf1146f0c041f0598806607a330000195992f4652d2c1f17

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66fefc7e-3b4"
cdn-fileserver: 817
date: Fri, 13 Dec 2024 06:40:19 GMT
cdn-storageserver: DE-633
last-modified: Thu, 03 Oct 2024 20:20:14 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/08/2024 00:59:14
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 463074f37ae59741b5ce7ca8db131e72
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 destinations.min.js Show response
x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/ 0
21 B 1695ms
386ms Script
application/javascript 18.158.205.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/destinations.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.205.16 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-205-16.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: private, max-age=600
x-envoy-response-flags: -
x-content-type-options: nosniff
content-length: 0
date: Fri, 13 Dec 2024 06:40:20 GMT
content-type: application/javascript;charset=utf-8
server: Clearbit

GET
H2 200 tracking.min.js Show response
x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/ 168 KB
45 KB 1613ms
306ms Script
application/javascript 18.158.205.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/tracking.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.205.16 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-205-16.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

e5f578c050d7a40cfb1cdbc4482159b5177deb5a5cf606cc28cd4a2b42a97734

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: private, max-age=600
content-encoding: gzip
x-envoy-response-flags: -
x-content-type-options: nosniff
date: Fri, 13 Dec 2024 06:40:20 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
server: Clearbit

GET
H3 200 OqW0O85nReudZFfWLGUA_cyble-logo.jpg
img.onesignal.com/permanent/280ba632-3e15-42c5-b8db-34718c635fef/ 9 KB
10 KB 220ms
219ms Image
image/jpeg 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.onesignal.com/permanent/280ba632-3e15-42c5-b8db-34718c635fef/OqW0O85nReudZFfWLGUA_cyble-logo.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99eafd83dc71117d7a1383b917a4f0f20455203c3c7d48c9b71ab5cfabd4d6a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=L7lS7A==, md5=p+8UhJvZCznoti6sM5CjSw==
cf-bgj: imgq:85,h2pri
etag: "-CNb2xfjZ8ocDEAE="
cf-cache-status: REVALIDATED
x-goog-stored-content-encoding: identity
expires: Mon, 13 Jan 2025 06:40:19 GMT
cf-polished: degrade=85, origSize=19541, status=vary_header_present
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 19541
server-timing: cfExtPri
date: Fri, 13 Dec 2024 06:40:19 GMT
content-type: image/jpeg
last-modified: Tue, 13 Aug 2024 19:28:59 GMT
vary: Origin, Accept-Encoding
priority: u=3,i
x-guploader-uploadid: AHxI1nOGzX4fZ81DKbnxHrrw_zQLSi591ZzfJ3yCl_p-g_hy0zA-YGoY4k3dXZcTc-lpgq3W5lU
strict-transport-security: max-age=15552000; includeSubDomains
cache-control: public, max-age=2678400
pragma: no-cache
x-goog-storage-class: STANDARD
cf-ray: 8f13f64acf3dc22f-TLV
x-goog-encryption-kms-key-name: projects/core-infra-onesignal/locations/europe-west4/keyRings/keyring-kms-onesignal/cryptoKeys/img-persistence-bucket-onesignal/cryptoKeyVersions/1
accept-ranges: bytes
x-goog-generation: 1723577339575126
content-length: 9292
server: cloudflare

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.wp.com/s/roboto/v32/ 18 KB
18 KB 114ms
114ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.8.7

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts-api.wp.com/

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
x-nc: HIT lhr 1
age: 396535
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 18536
date: Fri, 13 Dec 2024 06:40:19 GMT
x-xss-protection: 0
content-type: font/woff2
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
server: nginx

GET
H2 200 css2
fonts.googleapis.com/ 8 KB
2 KB 357ms
124ms Stylesheet
text/css 142.250.185.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat%3Aital%2Cwght%400%2C400&family=Sarabun%3Aital%2Cwght%400%2C400%3B0%2C700&family=Rubik%3Aital%2Cwght%400%2C400&display=swap

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.c2eb0e91.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f10.1e100.net

Software

ESF /

Resource Hash

21ef5e6434bc507bbf24bd0294c53dc7e561bdd0c991b45d90be45cbbde72978

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 13 Dec 2024 06:40:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:20 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 13 Dec 2024 06:40:20 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
745 B 357ms
125ms Stylesheet
text/css 142.250.185.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Vollkorn%3Aital%2Cwght%400%2C400&family=Poppins%3Aital%2Cwght%400%2C400&display=swap

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.c2eb0e91.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f10.1e100.net

Software

ESF /

Resource Hash

43c09afbdac92bfc5756cb574ca7b26aaa96f39f91cacdf48cc51316bcceeb41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 13 Dec 2024 06:40:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:20 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 13 Dec 2024 06:40:20 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 button.856debeac157d9669cf51e73a08fbc93.js Show response
platform.twitter.com/js/ 8 KB
3 KB 123ms
121ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
etag: "fdf02dd038ed38dbf3c240d56262af0c+gzip"
access-control-allow-methods: GET
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date: Fri, 13 Dec 2024 06:40:19 GMT
last-modified: Mon, 11 Dec 2023 17:19:47 GMT
vary: Accept-Encoding
x-served-by: cache-iad-kcgs7200086-IAD, cache-fra-etou8220142-FRA
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=315360000
tw-cdn: FT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2620
x-amz-server-side-encryption: AES256

POST
H/1.1 204
No Content collect Show response
j.clarity.ms/ 0
273 B 1224ms
435ms XHR
text/plain 52.184.215.111
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.58/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.215.111 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
Access-Control-Allow-Origin: https://cyble.com
Date: Fri, 13 Dec 2024 06:40:21 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 follow_button.2f70fb173b9000da126c79afe2098f02.en.html
platform.twitter.com/widgets/ Frame 81A6 0
0 118ms
117ms Document
text/html 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 13712
content-type: text/html; charset=utf-8
date: Fri, 13 Dec 2024 06:40:20 GMT
etag: "bf4801052efb5f8f12057c849e9b590f+gzip"
last-modified: Mon, 11 Dec 2023 17:19:47 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-served-by: cache-iad-kcgs7200083-IAD, cache-fra-etou8220024-FRA

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
292 B 1472ms
218ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22cybleglobal%22%2C%22widget_creator_screen_name%22%3A%22cybleglobal%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Awithcount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1734072020050%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22follow%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=817a30688c334e67b38e86833c57f5a100596801

Requested by

Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-type: image/gif
strict-transport-security: max-age=631138519
x-transaction-id: 30e248803e4f9878
cache-control: must-revalidate, max-age=600
x-connection-hash: 9b02cab83877d392f574cd5c7e8924d03fa142510be1dba8c14296eaefe5649f
x-response-time: 101
content-length: 43
date: Fri, 13 Dec 2024 06:40:20 GMT
last-modified: Fri, 13 Dec 2024 06:40:21 GMT
perf: 7402827104
vary: Origin
server: tsa_f

GET
H3 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v22/ 8 KB
8 KB 439ms
269ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Vollkorn%3Aital%2Cwght%400%2C400&family=Poppins%3Aital%2Cwght%400%2C400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 251064
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 10 Dec 2025 08:55:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 08:55:56 GMT
last-modified: Wed, 04 Dec 2024 06:53:08 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7884
x-xss-protection: 0
server: sffe

GET
H3 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v29/ 18 KB
18 KB 285ms
246ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat%3Aital%2Cwght%400%2C400&family=Sarabun%3Aital%2Cwght%400%2C400%3B0%2C700&family=Rubik%3Aital%2Cwght%400%2C400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

1c9c85d0b73b7321eb8ed22e0b6bcd577478dd5f99d1379a5d4cea10884033ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 296924
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 09 Dec 2025 20:11:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 20:11:36 GMT
last-modified: Wed, 06 Nov 2024 17:30:39 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18792
x-xss-protection: 0
server: sffe

GET
H3 200 DtVmJx26TKEr37c9YK5silss6w.woff2
fonts.gstatic.com/s/sarabun/v15/ 11 KB
11 KB 131ms
120ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sarabun/v15/DtVmJx26TKEr37c9YK5silss6w.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

ad4e2d51cf7f8cad0b33fcae853656fa79fa2da3e9828bdf50895a88d9463259

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 140462
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 11 Dec 2025 15:39:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 15:39:18 GMT
last-modified: Thu, 24 Aug 2023 20:36:53 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11632
x-xss-protection: 0
server: sffe

GET
H3 200 DtVjJx26TKEr37c9aBVJnw.woff2
fonts.gstatic.com/s/sarabun/v15/ 11 KB
11 KB 196ms
164ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sarabun/v15/DtVjJx26TKEr37c9aBVJnw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

0c18a7096d8615e2b30d7fbaccb64fe00b6cffccf671c3c4ca53244640722202

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 140296
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 11 Dec 2025 15:42:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 15:42:04 GMT
last-modified: Thu, 24 Aug 2023 21:03:27 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11452
x-xss-protection: 0
server: sffe

GET
H3 200 iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2
fonts.gstatic.com/s/rubik/v28/ 18 KB
18 KB 124ms
113ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

c87fcac153783ea615f856ad1c0e12791952c39b8ddde7f11fa3d47c0a3b3998

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 253746
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 10 Dec 2025 08:11:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 08:11:14 GMT
last-modified: Thu, 29 Jun 2023 16:30:12 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18856
x-xss-protection: 0
server: sffe

GET
H3 200 0ybgGDoxxrvAnPhYGzMlQLzuMasz6Df2MHGeHmmc.woff2
fonts.gstatic.com/s/vollkorn/v27/ 25 KB
25 KB 249ms
213ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/vollkorn/v27/0ybgGDoxxrvAnPhYGzMlQLzuMasz6Df2MHGeHmmc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Vollkorn%3Aital%2Cwght%400%2C400&family=Poppins%3Aital%2Cwght%400%2C400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

7020a2f35c08a997e1d96da73093b9bb97df210cd9147454c9e38972818724e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 140268
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 11 Dec 2025 15:42:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 15:42:32 GMT
last-modified: Fri, 27 Sep 2024 00:45:50 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25496
x-xss-protection: 0
server: sffe

GET
H2 200 533035b6c3b6cf5613e23c21ac1b56ab-optin.json Show response
a.omappapi.com/app/campaign-views/b584497dcf5c/wlravxmwms40sunr2q0v/ 23 KB
4 KB 385ms
123ms XHR
application/json 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/b584497dcf5c/wlravxmwms40sunr2q0v/533035b6c3b6cf5613e23c21ac1b56ab-optin.json
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 0f2ca337e8e1a04cd619e8fbff4b26cd81a5aef5b593462c250110bb68ba9a29

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6746b7c5-5ba7"
cdn-fileserver: 817
date: Fri, 13 Dec 2024 06:40:20 GMT
cdn-storageserver: DE-638
last-modified: Wed, 27 Nov 2024 06:10:13 GMT
content-type: application/json
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 11/27/2024 07:01:30
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 7bbaa090a738e2796aeaf7c9fa93cbfd
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 9f2bee7e0bbee0ce290705075c691d69-yesno.json Show response
a.omappapi.com/app/campaign-views/b584497dcf5c/hrmi1wlyf5zkw7jqsfln/ 32 KB
5 KB 366ms
127ms XHR
application/json 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/b584497dcf5c/hrmi1wlyf5zkw7jqsfln/9f2bee7e0bbee0ce290705075c691d69-yesno.json
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 596e5530d1cf66e097a7a82ab01d9f5d98db99bd6688f8ec9d1775e213e06ef4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "66c4dc66-7eb5"
cdn-fileserver: 728
date: Fri, 13 Dec 2024 06:40:20 GMT
cdn-storageserver: DE-639
last-modified: Tue, 20 Aug 2024 18:11:50 GMT
content-type: application/json
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 12/11/2024 17:44:06
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 54c7782260966b8aeb3eee846f92269f
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1081
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 a92e7b49b8bb1724659993-1200x300-1.webp
a.omappapi.com/users/b584497dcf5c/images/ 31 KB
32 KB 123ms
122ms Image
image/webp 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.omappapi.com/users/b584497dcf5c/images/a92e7b49b8bb1724659993-1200x300-1.webp?width=900
Requested by: Host: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: cf37c05fbc57b2215d1d3cf68364b3b49f006e891f8ae4d8f5b355c06a3fbde0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
etag: "66cc392f-7bd6"
cdn-fileserver: 818
date: Fri, 13 Dec 2024 06:40:20 GMT
cdn-storageserver: DE-632
content-type: image/webp
last-modified: Mon, 26 Aug 2024 08:13:35 GMT
cdn-cachedat: 11/08/2024 01:23:18
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 2f791a63c77d64e4f928968dc2de2288
cdn-pullzone: 293267
cdn-proxyver: 1.06
accept-ranges: bytes
access-control-allow-origin: *
content-length: 31702
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

POST
H2 200 p Show response
app.clearbit.com/v1/ 16 B
1 KB 552ms
305ms XHR
application/json 18.158.205.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clearbit.com/v1/p

Requested by

Host: x.clearbitjs.com
URL: https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/tracking.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.205.16 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-205-16.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-max-age: 7200
access-control-expose-headers
content-encoding: gzip
x-envoy-response-flags: -
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
content-security-policy-report-only: default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-content-type-options: nosniff
access-control-allow-origin: https://cyble.com
date: Fri, 13 Dec 2024 06:40:21 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: Clearbit

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 129ms
128ms Fetch
text/plain 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-4FJGSRPM4S&gtm=45je4cc0v885439329z8868834701za200&_p=1734072016614&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178~102262856&cid=908001924.1734072017&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAC&_s=3&sid=1734072017&sct=1&seg=1&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F&dt=UAC-0215%20Phishing%20Campaign%20Targets%20Ukraine%27s%20Critical%20Sectors&en=page_view&_et=88&tfd=11065
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4FJGSRPM4S
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cyble.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:22 GMT
content-type: text/plain
server: Golfe2

POST
H/1.1 204
No Content collect Show response
j.clarity.ms/ 0
273 B 194ms
192ms XHR
text/plain 52.184.215.111
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.58/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.215.111 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
Access-Control-Allow-Origin: https://cyble.com
Date: Fri, 13 Dec 2024 06:40:23 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
951 B 335ms
244ms XHR
application/json 104.16.117.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=21289959&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Fphishing-campaign-targeting-ukraine-uac-0215%2F

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dba8b0a8b40979b0a0f138f3a0e3a2467fc83b1ea89f8b3cc6e3bc599ec3351

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 22b3bc06-e5dc-4555-b702-24f0c7d6bae0
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xuHUe%2Fy95zF9XyCr51Bm4JVaIdn9YtNH3xWTu8O89GlYtpIYGL9QgjKxY2yL%2BKGUa6AaCil8%2B1gp3UB4fbm%2FBNUQOaRy%2FJmuV4%2F9sMQuTxrOVcJg8KxQ0Z8fkIEQrbQN8WgV"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Fri, 13 Dec 2024 06:40:38 GMT
x-hubspot-correlation-id: 22b3bc06-e5dc-4555-b702-24f0c7d6bae0
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-qfwh5
x-envoy-upstream-service-time: 15
access-control-allow-credentials: false
cf-ray: 8f13f6bfe8327da1-TLV
access-control-allow-origin: https://cyble.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

POST
H/1.1 204
No Content collect Show response
j.clarity.ms/ 0
273 B 767ms
203ms XHR
text/plain 52.184.215.111
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.58/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.215.111 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
Access-Control-Allow-Origin: https://cyble.com
Date: Fri, 13 Dec 2024 06:40:40 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 css2
fonts.googleapis.com/ 12 KB
1 KB 148ms
121ms Stylesheet
text/css 142.250.185.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat%3Aital%2Cwght%400%2C400&family=Raleway%3Aital%2Cwght%400%2C400%3B0%2C600%3B0%2C800&family=Rubik%3Aital%2Cwght%400%2C400%3B0%2C600&display=swap

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.c2eb0e91.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f10.1e100.net

Software

ESF /

Resource Hash

c4b8bf7d4f053b44c856d7abf00f780c7230dba1513b2640493133e048cebace

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 13 Dec 2024 06:40:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 06:40:44 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 13 Dec 2024 06:40:44 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v29/ 18 KB
0 1ms
1ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat%3Aital%2Cwght%400%2C400&family=Raleway%3Aital%2Cwght%400%2C400%3B0%2C600%3B0%2C800&family=Rubik%3Aital%2Cwght%400%2C400%3B0%2C600&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

1c9c85d0b73b7321eb8ed22e0b6bcd577478dd5f99d1379a5d4cea10884033ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 296924
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 09 Dec 2025 20:11:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 20:11:36 GMT
last-modified: Wed, 06 Nov 2024 17:30:39 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18792
x-xss-protection: 0
server: sffe

GET
H3 200 1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v34/ 47 KB
47 KB 116ms
114ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyC0ITw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

47d477915fa5912616e2dc5df8c5780f9202671678cf275472bd39f3381c0098

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 250729
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 10 Dec 2025 09:01:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 09:01:55 GMT
last-modified: Wed, 01 May 2024 20:31:48 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48336
x-xss-protection: 0
server: sffe

GET
H3 200 iJWKBXyIfDnIV7nBrXw.woff2
fonts.gstatic.com/s/rubik/v28/ 35 KB
35 KB 129ms
128ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

47374cb7d373f9a8450e1237c80bc5fe68c61fbf0cdf958df7a298143b7dd445

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://cyble.com
Referer: https://fonts.googleapis.com/

Response headers

age: 240253
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 10 Dec 2025 11:56:31 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 11:56:31 GMT
last-modified: Thu, 29 Jun 2023 16:14:39 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 35448
x-xss-protection: 0
server: sffe

GET fa-solid-900.woff
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 0
0

POST
H/1.1 204
No Content collect Show response
j.clarity.ms/ 0
273 B 579ms
577ms XHR
text/plain 52.184.215.111
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.58/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.215.111 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

Request-Context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
Access-Control-Allow-Origin: https://cyble.com
Date: Fri, 13 Dec 2024 06:40:46 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 8ceddcf90c40360d800bf51b4cd991f3-yesno.json Show response
a.omappapi.com/app/campaign-views/b584497dcf5c/b4m2ivdbe4eosyrui9pw/ 26 KB
5 KB 122ms
122ms XHR
application/json 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/b584497dcf5c/b4m2ivdbe4eosyrui9pw/8ceddcf90c40360d800bf51b4cd991f3-yesno.json
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 195c5c031ea2fdeb6673cd304ac3e41fc3ffcf432e4e871034b7007815a4d57d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding: br
etag: "6757e35e-66a9"
cdn-fileserver: 750
date: Fri, 13 Dec 2024 06:40:46 GMT
cdn-storageserver: DE-632
last-modified: Tue, 10 Dec 2024 06:44:46 GMT
content-type: application/json
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cdn-cachedat: 12/10/2024 08:12:39
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 6e69605a47c0daaa0fc7bfcd54ae13f7
cdn-pullzone: 293267
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 200 5d97e87a770a1733812496-800x420-4.webp
a.omappapi.com/users/b584497dcf5c/images/ 60 KB
60 KB 130ms
130ms Image
image/webp 169.150.247.36
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.omappapi.com/users/b584497dcf5c/images/5d97e87a770a1733812496-800x420-4.webp?width=600
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.36 Frankfurt am Main, Germany, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: 169-150-247-36.bunnyinfra.net
Software: BunnyCDN-DE1-1079 /
Resource Hash: 029f38945ccf4b852fc04ab4ffa6b2d5a4a88289b156005aeec142fb5fc76779

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

perma-cache: HIT
cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
etag: "6757e273-ee4a"
cdn-fileserver: 382
date: Fri, 13 Dec 2024 06:40:46 GMT
cdn-storageserver: DE-636
content-type: image/webp
last-modified: Tue, 10 Dec 2024 06:40:51 GMT
cdn-cachedat: 12/10/2024 08:19:51
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 3cd4b958740660f69dff7e5663b6d4a3
cdn-pullzone: 293267
cdn-proxyver: 1.06
accept-ranges: bytes
access-control-allow-origin: *
content-length: 61002
cdn-edgestorageid: 1080
server: BunnyCDN-DE1-1079
cdn-requestcountrycode: IL

GET
H2 204 i Show response
z.omappapi.com/v3/ 0
126 B 423ms
412ms XHR
text/plain 104.18.3.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://z.omappapi.com/v3/i?aid=239265&cid=b4m2ivdbe4eosyrui9pw&sid=63e9c60925c7f&rt=false&dv=desktop&cty=popup&url=blog%2Fphishing-campaign-targeting-ukraine-uac-0215&v=5
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.9 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/

Response headers

cf-cache-status: DYNAMIC
access-control-allow-credentials: true
cf-ray: 8f13f6f70d229046-FRA
access-control-allow-origin: https://cyble.com
date: Fri, 13 Dec 2024 06:40:47 GMT
x-kong-response-latency: 15
vary: Origin
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cyble.com
URL: blob:https://cyble.com/21f179a5-0803-43d4-96cb-f022008d0925

Domain: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2

Domain: cyble.com
URL: https://cyble.com/wp-includes/js/wp-emoji-release.min.js?ver=6.7.1

Domain: cyble.com
URL: https://cyble.com/blog/phishing-campaign-targeting-ukraine-uac-0215/?relatedposts=1

Domain: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.3

Domain: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor-pro/assets/js/load-more.8b46f464e573feab5dd7.bundle.min.js

Domain: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor-pro/assets/js/posts.aec59265318492b89cb5.bundle.min.js

Domain: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.25.11

Domain: www.linkedin.com
URL: https://www.linkedin.com/pages-extensions/FollowCompany?id=14707748&counter=&xdOrigin=https%3A%2F%2Fcyble.com&xdChannel=c6cb812a-6e06-4646-8760-fe7f7f330b38&xd_origin_host=https%3A%2F%2Fcyble.com

Domain: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff

Verdicts & Comments Add Verdict or Comment

239 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

89 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hsforms.net/	1970-01-21 01:41:13	Name: __cf_bm Value: OxryhV9tFZiED9AC1U5_RHcAs9UvDYntEfS6nGQ6xKg-1734072016-1.0.1.1-pasKXjMNBKzDXiIp8Rj32JKNbfXrMlCicrP2qjZVf30wDTgCqhLLzUUsCjx3W66AhzHwJ4BilqFhIn6HEnjNSg
.apollo.io/	1970-01-21 01:41:13	Name: __cf_bm Value: _oYop6N6qElmiPV9383w2JxO3Fq2t6WD.O1NuJRhbJI-1734072016-1.0.1.1-dCTV.gPUKMEol9rNSNkhgA_gRgbwq_E6O.6eJ74CcWU2rg7b6D4q5UBaJDrUT01pfZDgxz.rSZ6LdxCjiCA5dw
.hs-scripts.com/	1970-01-21 01:41:13	Name: __cf_bm Value: k.TLYP3zhQEgDRByQBTFEhW5cpKuoh0NXyf98iIPljk-1734072017-1.0.1.1-SQJUGFlX.jsi.x23YStXTGAlfNJtlbwqu7NHGkZQ0AhSnrsGJqTIVVYmjppzzHxucMYox.TnHozTOkTj_kbj8g
.onesignal.com/	1970-01-21 01:41:13	Name: __cf_bm Value: 04nY3O.oSJAGvQ2g349O97IzJpK_K6sfdVn.VuVbecw-1734072017-1.0.1.1-NVPFv4MDnrMHvmHjwsnGNO17hqRGp1.kNfowVCyNIWMK4ucV4uZcfvo_15Xia.TnESvgVO4aa.ANGnQyxC7V5Q
.cyble.com/	1970-01-21 03:50:48	Name: _gcl_au Value: 1.1.1463438234.1734072017
.cyble.com/	1970-01-21 11:17:12	Name: _ga_4FJGSRPM4S Value: GS1.1.1734072017.1.1.1734072017.0.0.0
www.g2.com/	1970-01-21 01:51:16	Name: AWSALBCORS Value: c+AF7eE9ZZuBtluFk2p5WbFG8Ke7fACMg4aR2bY4Y90U0dZd7zFttDCJxNCceZ3NFs90baLl0BzSEF48JKuvQn9a84fzTzQdOuEHNvcCEwlU9gGxggMhWCNH6qJI
www.g2.com/	1969-12-31 23:59:59	Name: events_distinct_id Value: a56089d9-60a7-4c83-be02-c5b095603074
www.g2.com/	1970-01-21 01:41:13	Name: amplitude_session Value: 1734072017444
.g2.com/	1969-12-31 23:59:59	Name: _g2_session_id Value: 5ce647fc9c7d558a82b03897787b7eea
.g2.com/	1970-01-21 01:41:13	Name: __cf_bm Value: uOsRGbzK3RE6QpDpobZvgzDhLbd_Rh8M9MqZlfjaaLM-1734072017-1.0.1.1-mAYfd_N66cnRVvfr08N3PZIY9i4lYzCLxUiRpMbYKrdiE.0rqI62ZS8XLF69o0sqXf_BI7PiQ35aIVnAzqvfsg
cyble.com/	1969-12-31 23:59:59	Name: nitroCachedPage Value: 0
.hs-analytics.net/	1970-01-21 01:41:13	Name: __cf_bm Value: yVPHxpF8UoQU5bz3X9kFRvhupVkamyW2oXUkYXSJxVc-1734072017-1.0.1.1-_B0g8_ZZTSkxc3y_65hf95NjZtvhqN0KxgJUCw59_qbnsDUwfsMCNEtfRfn_g0uDwLgtD1sFMsGYlP3LslBUrQ
.g2crowd.com/	1970-01-21 01:41:13	Name: __cf_bm Value: zu2aC5sYZ6TH0pqoPqwZ2GugF4emM1BAqNIIPvT7r40-1734072017-1.0.1.1-PW9KI4hxV4gBg34kYgN3vcyIJhP2OdbGRFB33DuggCvRCL9ng7bZWgAvZz2.WvxFsnmEJXWwGZ57KALiywpdxA
.cyble.com/	1970-01-21 01:42:38	Name: _gid Value: GA1.2.1313304579.1734072018
.cyble.com/	1970-01-21 01:41:12	Name: _gat_UA-201575643-1 Value: 1
.usemessages.com/	1970-01-21 01:41:13	Name: __cf_bm Value: Msxzan0vrns6x6lZ4V1iarrTbwi0c5aMigzoiIdrvt8-1734072017-1.0.1.1-GAafj2cHFGqZcTLfdt9gkmpc0O.oUlTs5zmQ_TfRmWFLGelkA.e.O_H3f6Tbr2IH3b3RpI.g4ek3oZD.WgvQQw
.hs-banner.com/	1970-01-21 01:41:13	Name: __cf_bm Value: kYTpwxKmcUW_Z.cJhV3SXWHhxzY4SK7SCvh8ylX6rG0-1734072017-1.0.1.1-NfOppbomaft5vUh31cpImMRWJnJv2g2qAL55a9bigZe8zU2GRlwUrKWzhPrEkIvXXDDlrQuo6yPjUqANs2HhgA
.cyble.com/	1970-01-21 03:50:48	Name: _rdt_uuid Value: 1734072017961.660a50a6-7e8f-4577-a1d7-c484727d49bf
.cyble.com/	1970-01-21 11:17:12	Name: _ga_361856552 Value: GS1.1.1734072018.1.0.1734072018.0.0.0
.cyble.com/	1970-01-21 11:17:12	Name: _ga Value: GA1.1.908001924.1734072017
.hsadspixel.net/	1970-01-21 01:41:13	Name: __cf_bm Value: Z5FZq5_oFTzOVB1oMADvzsxZnRHUH7DY0dYqFsTg0S4-1734072018-1.0.1.1-9dpt43v5DWwJM1OpI630A84RSlYlpLQbNEa3U0cNnod5dx.6zcE3aFPVCJXidpW_EFrTKJ1UHXoKUgDOWwdoAQ
www.clarity.ms/	1970-01-21 10:26:48	Name: CLID Value: 439398381a944352ba1dc9947b00106e.20241213.20251213
.cyble.com/	1970-01-21 11:17:12	Name: _ga_N9ZXY95EM4 Value: GS1.1.1734072018.1.0.1734072018.0.0.0
.d.adroll.com/	1970-01-21 11:10:00	Name: receive-cookie-deprecation Value: 1
.adroll.com/	1970-01-21 11:10:00	Name: receive-cookie-deprecation Value: 1
cyble.com/	1970-01-21 11:17:12	Name: _omappvp Value: AuhoThFPXol2GZ72bKe9kSjSMmFqjHhVo4NyxCBCp46l7VCHq0WMiMSI7k3Q39MOk0PoeZ2IbTmD7YxqhIVMRiRQU96BL0YB
cyble.com/	1970-01-21 01:41:13	Name: _omappvs Value: 1734072018385
.cyble.com/	1970-01-21 10:27:09	Name: __adroll_fpc Value: 344d08935d5866e1fa0079e4b330b47f-1734072018439
.cyble.com/	1970-01-21 10:26:48	Name: __ar_v4 Value: %7CELNAF2EZDFHJRAP3ODLCUU%3A20250012%3A1%7C3BMTZYG7A5BPDP54WUQHR4%3A20250012%3A1
.cyble.com/	1970-01-21 03:50:48	Name: _fbp Value: fb.1.1734072018512.212462522265885243
.linkedin.com/	1970-01-21 03:50:48	Name: li_sugr Value: 1d70c83f-375a-471a-b98a-613d8cc51f40
.linkedin.com/	1970-01-21 01:42:38	Name: lidc Value: "b=OGST01:s=O:r=O:a=O:p=O:g=3475:u=1:x=1:i=1734072018:t=1734158418:v=2:sig=AQHi13A9tys6UAR5yuGnuYYhQJ4L4gb6"
.linkedin.com/	1970-01-21 10:26:48	Name: bcookie Value: "v=2&5123b8a6-5c20-4c87-8d84-0051c9f19eec"
.cyble.com/	1970-01-21 10:26:48	Name: _clck Value: on4dpj%7C2%7Cfro%7C0%7C1808
.linkedin.com/	1970-01-21 02:24:24	Name: UserMatchHistory Value: AQIwYqnnN2HI1QAAAZO-vyez4aZycNzJqKz8qPrX3eaENPcFYBqrqk8pibEaI56Hpf2_xiZ2J0Mnng
.linkedin.com/	1970-01-21 02:24:24	Name: AnalyticsSyncHistory Value: AQLT5MrkNFnrZQAAAZO-vyezZoye1nzr5PwwJcCmUeUzrrTf--lMLwUjwli0XPNYm6fDLVAGNdlJ_1zVyqSg2g
.tapad.com/	1970-01-21 03:07:36	Name: TapAd_TS Value: 1734072018949
.tapad.com/	1970-01-21 03:07:36	Name: TapAd_DID Value: df08d7ed-2541-43e4-b0f3-3331ca39c69b
.casalemedia.com/	1970-01-21 10:26:48	Name: CMID Value: Z1vW0osFVjoAAERfA1b6ewAA
.casalemedia.com/	1970-01-21 03:50:48	Name: CMPS Value: 4978
.casalemedia.com/	1970-01-21 03:50:48	Name: CMPRO Value: 4978
.rlcdn.com/	1970-01-21 10:26:48	Name: rlas3 Value: 5iYdGSVaDCbh34luZuZd8PkQyoP/36iFhf22zY+LKsw=
.rlcdn.com/	1970-01-21 03:07:36	Name: pxrc Value: CNOt77oGEgUI6AcQABIFCOhHEAA=
.hsforms.com/	1970-01-21 01:41:13	Name: __cf_bm Value: id1vXqT4bifK2xL3fXrJkf1WIXH79bQNLPHEDreQAGQ-1734072019-1.0.1.1-qlr8SaXyZtQz.Zkq1Lix_EPk_OdE9TduqmkSGmYqLwkG5DmqN3b4m.8c_wu6zFlCP_3j73Df_4u6kbkpuwgEjg
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: jAly5O1OLMd08qgqTungkcvuT6M3W8EXOSQYdKYR7pA-1734072019396-0.0.1.1-604800000
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=iw-il
.www.linkedin.com/	1970-01-21 10:26:48	Name: bscookie Value: "v=1&20241213064019f3dc7b94-7de1-4d78-8aed-cf32fdeca33bAQGyBnqW7qf871cbRUv1wtrtrwlnDLzG"
.linkedin.com/	1970-01-21 01:41:13	Name: __cf_bm Value: 7docEWcvovkwUpDHFHb8dnNJ5yl0X.1ZjDSmbHFYOy4-1734072019-1.0.1.1-z44Hdz3dQDpyfDNu27M8KdawdK5QLvzcSpRSLD1Zwe7euBNrVtQ56HZwqaL8z1fMEQsxH7dCFxjPT_SKpB9NUg
.doubleclick.net/	1970-01-21 11:17:12	Name: IDE Value: AHWqTUltAQKE2YzisErmFOQlHAzuBJRnPdi25oKUkmxUgbP_uXzUvKMe26WlL_qkxWI
.adsrvr.org/	1970-01-21 10:26:48	Name: TDID Value: 9715676a-b52b-4830-a7b6-37aec943a0ec
.d.adroll.com/	1970-01-21 11:10:00	Name: __adroll Value: c6f30eee545a87737d8d9e5e1aa8cc66-g_1734072019-a_1734072018
.adroll.com/	1970-01-21 11:10:00	Name: __adroll_shared Value: c6f30eee545a87737d8d9e5e1aa8cc66-g_1734072019-a_1734072018
.adnxs.com/	1970-01-21 03:50:48	Name: XANDR_PANID Value: aM55m7W69WcvJ4De0vInBzYEks80wZeU5CWIYhwQEyXskiJGLFoMmXhUvXEB_GP7tcVPd9-1tSdis6fOW5gMRTVXlT33VzKa1HAnOAXHU2U.
.adnxs.com/	1970-01-21 11:17:12	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 03:50:48	Name: uuid2 Value: 8851358882318064434
.adsrvr.org/	1970-01-21 10:26:48	Name: TDCPM Value: CAESFAoFdGFwYWQSCwjctpS34dLNPRAFGAUgASgCMgsIzrX74vfSzT0QBTgB
.pippio.com/	1970-01-21 10:26:48	Name: did Value: MZcAjOXvguFR4kHX
.pippio.com/	1970-01-21 10:26:48	Name: didts Value: 1734072019
.pippio.com/	1970-01-21 03:07:36	Name: nnls Value:
.pippio.com/	1970-01-21 03:07:36	Name: pxrc Value: CAA=
.adnxs.com/	1970-01-21 03:50:48	Name: anj Value: dTM7k!M4/rD>6NRF']wIg2GVSu>`]q!]tbPl@/@8$-^=$U_hsB@6G2+?gl?>[4kmZAKJVe_IaAN=#+ObXT:DwAL:A3BHFt+CcB(#Yvq-#rwz%13If)y3KL9D3I?+JXhN'S
.tapad.com/	1970-01-21 03:07:36	Name: TapAd_3WAY_SYNCS Value: 1!8358
.www.linkedin.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: ajax:4335795321873304409
.cyble.com/	1970-01-21 01:42:38	Name: _clsk Value: 18yufv0%7C1734072020552%7C1%7C1%7Cj.clarity.ms%2Fcollect
.hsappstatic.net/	1970-01-21 01:41:13	Name: __cf_bm Value: zP6FXGdYpcaFX.ErkhDq8QQffRagHiJH604PZF1Z584-1734072020-1.0.1.1-ITg9ObjnNf4CXHyXQs2cMGXtIHn6nwVDMhwLg37ntTje7FyBwYsICLuH6X6Iji5B1K.OYvCzZv6gX7u4Vcty8A
cyble.com/	1970-01-21 02:24:24	Name: omSeen-hrmi1wlyf5zkw7jqsfln Value: 1734072020809
cyble.com/	1970-01-21 02:24:24	Name: omSeen-wlravxmwms40sunr2q0v Value: 1734072020951
.cyble.com/	1970-01-21 06:00:24	Name: messagesUtk Value: 1eab554fde8843958f1c516b9d4d552d
.cyble.com/	1970-01-21 10:26:48	Name: cb_user_id Value: null
.cyble.com/	1970-01-21 10:26:48	Name: cb_group_id Value: null
.cyble.com/	1970-01-21 10:26:48	Name: cb_anonymous_id Value: %223b0414c8-e32d-46f4-a874-9c56cd24e7f1%22
.labs.cyble.com/	1970-01-21 01:41:13	Name: __cf_bm Value: zYZD_kCc2U5izMPlnwHRQFOiokedOzQ9E1fZldYVUAQ-1734072021-1.0.1.1-RDFpdYdShsqR2NLjPypMpbpNnzTGNNiufGT.Lrg1b5MPFHozeH5l5drkRsuSIQBBqe40_rS.wr214r.I_9UTkQ
.labs.cyble.com/	1969-12-31 23:59:59	Name: _cfuvid Value: RB2sfU_jGyv.YnEOQnHzU8TrgwlXI_rBR8wvw7QsLAY-1734072021318-0.0.1.1-604800000
.hubspot.com/	1970-01-21 01:41:13	Name: __cf_bm Value: jAjdQe6_jQB48ylbexcnT7srbFivkl71xbcOesdRQRU-1734072021-1.0.1.1-GPQxY3tIGwBO5yV6kqeWJuDZA4bHw7kHbBhwWHRySXXpWf3Z43cEkwAV8_6UoAEv12vVz8BXTgFfgbofT2rFjQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: _ALnmoYRMO382AZePQScJOaaH1UxW6G1kNJuu.By4FU-1734072021402-0.0.1.1-604800000
.openx.net/	1970-01-21 10:26:48	Name: i Value: cde1e9c3-aef8-43f5-a501-a2cc2b664f49\|1734072022
.taboola.com/	1970-01-21 10:26:48	Name: t_gid Value: 2e6734c9-b8b7-4666-9ebd-be5d567f06b7-tucte555c56
.taboola.com/	1970-01-21 10:26:48	Name: t_pt_gid Value: 2e6734c9-b8b7-4666-9ebd-be5d567f06b7-tucte555c56
.3lift.com/	1970-01-21 03:50:48	Name: tluidp Value: 2811500593926037451671
.3lift.com/	1970-01-21 03:50:48	Name: tluid Value: 2811500593926037451671
x.adroll.com/	1969-12-31 23:59:59	Name: ar_debug Value: 1
.pubmatic.com/	1970-01-21 03:50:48	Name: KRTBCOOKIE_10 Value: 22808-YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&KRTB&22883-YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&KRTB&23504-YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY&KRTB&23615-YzZmMzBlZWU1NDVhODc3MzdkOGQ5ZTVlMWFhOGNjNjY
.pubmatic.com/	1970-01-21 02:24:24	Name: PugT Value: 1734072025
.rubiconproject.com/	1970-01-21 10:26:48	Name: audit_p Value: 1\|6Qtpxjpug21j3WX0/csbSMTOA9hov51256EdS9qU+/x+4SNCS7h+Y/Tw67Ud3KetXkWcOszg9QWM1KxoLazIt7kxm0k08nop+R4DB+iLIkEJdt26juuvtwDsgN9IAEPdQ8TXbZ9lYDH6HUIgYRmowMJG1SWGpQldKXM0CgA3/PGYwrrESE7GHw5/8Wu8VjpS3TYsX/cuoqHQD5U7tEfUTQ==
.rubiconproject.com/	1970-01-21 10:26:48	Name: khaos Value: M4MDPMX3-1D-9J06
.rubiconproject.com/	1970-01-21 10:26:48	Name: khaos_p Value: M4MDPMX3-1D-9J06
.rubiconproject.com/	1970-01-21 10:26:48	Name: audit Value: 1\|6Qtpxjpug21j3WX0/csbSMTOA9hov51256EdS9qU+/x+4SNCS7h+Y/Tw67Ud3KetXkWcOszg9QWM1KxoLazIt7kxm0k08nop+R4DB+iLIkEJdt26juuvtwDsgN9IAEPdQ8TXbZ9lYDH6HUIgYRmowMJG1SWGpQldKXM0CgA3/PGYwrrESE7GHw5/8Wu8VjpS3TYsX/cuoqHQD5U7tEfUTQ==
.rubiconproject.com/	1970-01-21 03:50:48	Name: receive-cookie-deprecation Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
alb.reddit.com
api.hubapi.com
api.hubspot.com
api.omappapi.com
aplo-evnt.com
app.apollo.io
app.clearbit.com
app.hubspot.com
assets.apollo.io
c0.wp.com
cdn.onesignal.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
cta-service-cms2.hubspot.com
cyble.com
d.adroll.com
dsum-sec.casalemedia.com
eb2.3lift.com
fonts-api.wp.com
fonts.googleapis.com
fonts.gstatic.com
fonts.wp.com
forms.hubspot.com
googleads.g.doubleclick.net
i0.wp.com
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
img.onesignal.com
j.clarity.ms
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
match.adsrvr.org
ml314.com
nitroscripts.com
onesignal.com
perf-na1.hsforms.com
pippio.com
pixel-config.reddit.com
pixel.rubiconproject.com
pixel.tapad.com
pixel.wp.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
s.adroll.com
s0.wp.com
snap.licdn.com
stats.wp.com
sync.outbrain.com
sync.taboola.com
syndication.twitter.com
tag.clearbitscripts.com
td.doubleclick.net
tracking.g2crowd.com
unpkg.co
unpkg.com
us-u.openx.net
videos.files.wordpress.com
w.soundcloud.com
www.clarity.ms
www.facebook.com
www.g2.com
www.google-analytics.com
www.google.co.il
www.google.com
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
x.adroll.com
x.bidswitch.net
x.clearbitjs.com
z.omappapi.com
cyble.com
www.linkedin.com
104.16.117.116
104.16.118.116
104.16.139.209
104.16.160.145
104.16.189.41
104.16.79.142
104.17.111.223
104.17.175.201
104.17.223.152
104.17.24.14
104.17.246.203
104.18.140.17
104.18.141.119
104.18.242.108
104.18.26.193
104.18.3.9
104.18.30.176
104.18.80.204
104.20.40.213
104.244.42.8
107.178.254.65
13.107.246.45
13.107.42.14
13.32.121.20
141.226.228.48
142.250.181.227
142.250.181.232
142.250.184.194
142.250.184.228
142.250.184.238
142.250.185.202
142.250.186.98
146.75.120.157
151.101.1.140
151.101.193.140
151.101.65.140
157.240.0.35
157.240.0.6
169.150.247.36
172.217.18.3
172.64.146.215
172.64.147.16
172.64.154.248
172.67.138.101
172.67.2.155
18.158.205.16
18.245.86.120
18.66.112.121
192.0.72.3
192.0.76.3
192.0.77.2
192.0.77.32
192.0.77.37
192.0.78.152
198.47.127.205
2.16.164.35
216.58.206.66
23.32.238.219
3.33.220.150
34.107.133.146
34.111.113.62
34.117.77.79
34.98.64.218
35.214.136.108
35.244.174.68
37.252.171.21
46.51.197.220
52.184.215.111
54.194.202.214
54.194.225.127
64.202.112.127
69.173.144.138
76.223.111.18
0271a5a5028ea6ee2d842241e06007321236495835c2209c1dde309c91da3324
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
029dedf319bc4536d9c663ae9c0b10c95d1e9f5dd1de0aa73172e9e89ae254cc
029f38945ccf4b852fc04ab4ffa6b2d5a4a88289b156005aeec142fb5fc76779
02a661490aa341e4e0abb139d22f9dfaf7de3206329a4d22acacd96cd46351c3
02ae6101096a037cafe3c0bb64a0cb7faf1d617bf6afe35b3405f02f03096b42
071277a837bd15a2c626377ff352570603ae3edc5e279a1af896514f3737f535
07b3080947ec91669e4217cf8f173b8ed033fe5acf7e38cdac5626181c68bdba
07d83ac2f03fbf47783b4f206e6a69f2b243478a826f798b76c761f051d82c89
085f1c63aab752f05fb97467a71718350db0c975cef72e035fac1077ea68abbd
08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c
08c64f6559fe33c85a5dc61c9f23ad8b570fcc79dd27704a4ef9ed9c26b7faf6
0a0b85f55ebb7086cee0971885ce7e6ffea8e46b1cef521394122362102518c7
0c18a7096d8615e2b30d7fbaccb64fe00b6cffccf671c3c4ca53244640722202
0cd088147551ecae9b1e29c2ac532c56bb99132973e1310f4911d7fa31997a12
0d5b75c856840e6416a09983363ebc6fccf18c130675a5034ff8094e9bdbb0da
0eb0fd9517c69d0c495a9ae4dde49828daf40cb663580cbfb8065ca72e9d01fc
0f2ca337e8e1a04cd619e8fbff4b26cd81a5aef5b593462c250110bb68ba9a29
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35
116f7f1694a68142058c98492da5867364419dc5eb682c8c12a14b70a9377ba0
140eedc23b5929c1bb8a74d021936779b48156ccb5445431659d656f8aa104cd
1720f9f3ba818b6997a7a09443b08b846186066911e58f8c47f793bd811912d3
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
195c5c031ea2fdeb6673cd304ac3e41fc3ffcf432e4e871034b7007815a4d57d
1b654ec417d94ece7ba0127055d29e9b7afde13eb8e0f38767b5387086bbeb9e
1c9c85d0b73b7321eb8ed22e0b6bcd577478dd5f99d1379a5d4cea10884033ac
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
2039d204f18247df88a0f132f35fe67f9e52ee7268515ead1647c611f737ba07
21ef5e6434bc507bbf24bd0294c53dc7e561bdd0c991b45d90be45cbbde72978
222671695c39932625f7de419d583857d59db5e23a07c46f0b4df9c4cecdea42
25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08
270e916e0527855b7fb38a288df78658e646a99a057969e4172506375ae17820
275fb4a7bdeab3c59caff1c0ea88bf1adc9f4cfc377a9bec7b28517d13e2fd37
28033e449a31ebcc396e5be8b13b63152bf03094288fb5867034321927bce087
284b0facae6132d66280225e6562ce6f8442656568dbb12123094de6433022dc
2991f7f34eb201072e46bb4fbcdf5b2e431e224d94323e87e8bef2061f916d88
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
335232b6561e0fbf8142961ab04844d975fb1f4ba7ea1e0535557897da8ce364
347f04555337c884b83cc6ee9c57ed53f2d9dc61b9a5a7e638dc562d6ef6a4e0
34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68
354a9ee56973d6aa01d66da9905724c3432837ae821ecad80434049cb6b15185
3570909efe317eb6fcd6de84ddbdbd2ba89238bab48ddeaaeffe433da3319de4
3913695714c66c8475f8a3e3af033ad1772cab8f14d028fbc84012d8f9fb7472
39dd4eedf59461aa0bb42f57f4663d3b3224f5efcdf95f7e571e829aae135905
3e86e49c78cd2befb9c7e7b27ee263298290728f7489b17077f00c25e37a5838
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
40cb25cf386062cf660429f20aa17b915e9537d688d55743758aff5e9525a38e
411845113d9d280c3d67c5d304dae27ab10541415b35d098fe832d4bf9659420
4191046282188511e39192189081ce8d7e1788b15e33e3f567c35bfafe70ae0a
426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007
43c09afbdac92bfc5756cb574ca7b26aaa96f39f91cacdf48cc51316bcceeb41
43f40a0cc41c14ddc22a05003bef95344b8543a6a08419a9fdf060e21b829f16
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
444ddf787deff39d7f0971825470863a3086ad0a5050c3e62eeb43f054840a4e
44a647ea363f1573ac79f9d249cd3b07c8c026fa6b0a1107c6ca6cbed852b5cf
4603778746bf8372d75ec7350fe3a07572fc909aaee89fc89595fc93c82699f5
46be8975c077af9ee628b95903df417598a0df10350acb20e678ab3fe9a54f36
47374cb7d373f9a8450e1237c80bc5fe68c61fbf0cdf958df7a298143b7dd445
47d477915fa5912616e2dc5df8c5780f9202671678cf275472bd39f3381c0098
488c61b1e9b0b33d58f29ea36304b03b688b2107afebe80a78e2053c81244adc
495fed24d3e9684ea506e6b7128c5ae3f8bb59a053dbf77207cfcaa8f32c0e76
4a25d27051a93c414aa93bd0f106134ea8b6d1dd66e40b1ded22eaedc07a400b
4a8bd33bfe771e0bd46fade45435a9fa2d0c3a8af2409b1f5a74a6b96b03faa9
4b455f1f5679023a814b016d6c2477ec8b340f601faae1d6da6beb113e607d72
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b62fd78e5832abef96cfc24e882441bccf64d650bf30c73031bb806537dc5cb
4be59303a71dba6e02707efdaf510e858b5a703d09811680dbc3fada6c2111c5
4c98398d31cd944d285444f52292b17e7e3f5d07dc0faf88f86f9dc7130b761f
4d4650ca007326deb6524524b7074dd677a0026d75ad55f56df7698a136d9034
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ff079893cbfe8eebd0d49b7c8bcbeba131173b3e0da0e13210ad611869e0e36
5009a34e30063ffb89185274681b359ae8c7dac19a606d5b1456ee3524cbc9b0
51961b2c0bdbfaa3f8cb21e59d2ae04e029c44edd84d95e8fb4b67ca55e26b8c
5244a8d1d1a28e02eec3247e1ba73bb13319a0cc521c87580d43e46cb67b4bc2
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
52d995270969aed722e4e20184d2d424f0e1afb1040ef2273549bf0ba7c75d07
532ec0a8ff060940d08538210d87e797e29184960d8ec8ecb77d718016a75166
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54adf4588038aa406ce898380a589e4afb4bd8c3b4d152461e1b4641a7443fba
54e870db4fc3846619d5d0c5c7a5f5d686e4765ac6ffdb815b1354419b8ccd9c
5615cdac4c30b1fb905891f5de1e1dcf7745b6b0ec88cfc89360ee48fc240977
56bf0f760c2ff663fc46bd5835dde1654cdd29d06fcebebe1582f4872ba50751
57533e961bdaf5ffaf1146f0c041f0598806607a330000195992f4652d2c1f17
59392172c6f1cf8ea759444b9ae36b146f598177954db71f7ede977a16c05d7b
596e5530d1cf66e097a7a82ab01d9f5d98db99bd6688f8ec9d1775e213e06ef4
5aa829951ee5d3932eb7689133dc79f5e8156cde680637cb6f87cc6c33a46d5b
5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855
5f0171934a868318185fd805252f4d75230bfc623b87e0100a0fb2d97001a048
60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2
6181da06e2b03a123413bdc6cf139f8cdaad53ec3d3c36e0b3a930010b3db71c
63bc9667d37a904feb7751646abe3e677541f4de361aab8038776a3f27c988f4
67949cf81b1031891a9ce94e48a4d7f2eb8bf47f945f0eb8b6dadaa1b00d4ca9
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cfa0aa86ba2071144541fb9d26f2504f360d49dc25af11a0b8f1b523a59e48e
6dba8b0a8b40979b0a0f138f3a0e3a2467fc83b1ea89f8b3cc6e3bc599ec3351
6f0b2e96bd88c2d8512dfd204adaf2251376467a1f834a51c66ce85f0051979d
7020a2f35c08a997e1d96da73093b9bb97df210cd9147454c9e38972818724e8
738fdb8a6b4ebd3f4d9f6f245c842758ffc4f3b0cffb9a3907c7f482cf44446a
7851a6e073db7e856a91241c222624ca463042b17666cff2772b5e4ac64436a1
785d3e9ea187b7242e1a4365a48c3fd95dd7a469245d24c6769b8d46c4ef4b81
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
78d446715d4b7fc7e8896c8f84aa1b5922c04ede92ff1551c45b7c29a76a0247
7c345c812c6c32c007d7fe0f4968df8f847ea5006e76c8633da70d446b1936a5
7c62e2dd759bf92e6098e34877ea502a6c161ec325bb677703aba53ec6886d53
7d12aff8ee5cdb12ff8c234e4ff7168c52d8d7522be165b9c1fc9698f15b2123
7d5c91bba288f8d52bece6eb27a646578f0c935f8890f9f1fb5349060c7ce77b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7da57a437a999e2503178063a85ca9557211686f50d7671db0142a2ceb3095d2
7e84c9f8d71bc6eb2dac2fce59a6caea62da51ffa8cf56b41806f59386ab1322
8092e395138f7b26adbcba6232e3ebb0e29a839b0e7f0f8773ee11fcb294d2bb
80b0a5f7cd77876b8cba22b64a51004354570213a17e39942a8fc0cff220823a
8149b77a96ece76089f6f3203e8931c73b63d1fe943566f42ab6aaf103167fb9
816f0f0a1db908a37d05ec0153492892ccd46a99d2dbe8b6b01df6690934ea9a
841877ad87c6b92f15ea82ac53484bd2f5a1504d3cea91e30e631f874dc3f19e
84de47ed6481524074cd5e375bb773f01b59fa6452539b3b60cdb916914ca0e1
855e3a5b5cb2a84ca1035c027897c394e4bddae973ad0afbdf5e88aed4f6c049
8639604f6b9525e4e14c0dec40129920dc99d2ce640ccd0d5906a142ddd0e248
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
89bb54e03aff26116dd642771d281a558e3bab02d9233ec66e9bac269b6780c5
8aece4bc00bb232af7eb9025ffe6ab936b93b2d7f408fa0ba242831682aa07e2
8f7aad3f361844eb0a2aafdaf0e98f9b22a7d03c9e4df7c036e593c361173eda
912abb0cafbeca44d5b1cf2d9d7fe857a75974e2e42fd2aa125405984bf69953
92c1f9388530e920dbf200485780445a2f19c6b78e9d5215eb4cf42c217a95e8
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
93cf6e96459e42f9f656e03ec4800578dc2c021dcde475c9e5e891a7780b0866
971f611c332c69581c6c65714bba01dce6e8f19a2fcfb8c04f87c60efcae9c69
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801
995ba4041c9436244e4dd82e9e6aa2aed22204ab279dfd4f31d0325c5fa10b25
99eafd83dc71117d7a1383b917a4f0f20455203c3c7d48c9b71ab5cfabd4d6a6
9bc52b3c4e9973d64baa482f332ed895f80d0cd2be37e6a49bf1a2e831eb5ac9
9d02f1a51000b5df3329a443ce51f1e8e5052e4d9acf2dde92af8907c0f32860
9d2c8f34912c4d2e7f1d5ca8b1a6696c65bea86c646beea1eb550b897c61bf50
9d5c7c2797abbbe48649b55173916f86cfed738676336d6fd2938cee5d519591
9e907e949bce3cec0efeaf4b707c2d5b1363467b174fced0e54fae1d501c36ed
a0d7310be48b4f4fc33d69c4debdc93c879a9541d61be8f2347c94a77fac19b5
a25c19dbd47bf7b70982d51eb7cb40e12f1ae3070bd04ec5a974e8d2ca8f7736
a2ab001c7323aaf5bf6ba68d2aac9f8e4766144ddc83ae8d64e5b95203321e98
a401a332e7a2cc547d0ce81dc17464bef062e74ca77b3fe22ee2d0808cde9e5c
a67748caf04244e16b3434fce2e110af93332848b04bd86b659132505286609a
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88
a751e5eaf162f1ffd88318bd3156b6fa5f6cd8fec6885d0d840d1af7dfa7795d
a862e7cf93c40c8509d4b2aaa49a0c6e868f89cc9f6c15fea085eef4190895f6
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aad5b86b7dbbe9b0a901b3f4ce7be4109bc670c591da4cc4b01d951e83263676
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acf2cf05e7750864206310e6dfb30e54d583894e598f432cb6b46baf944eec7c
ad4e2d51cf7f8cad0b33fcae853656fa79fa2da3e9828bdf50895a88d9463259
aea4ed531e389795d8b3a4c2372c7fe9c0ce96225615e791100cd5d7c4837aaa
af9a996c2c81dfd42f250744c203f1c5cea19f97d95529eace340098a6f43eb5
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2f7d72587caa4ad01e2dea12665d2e1e83a1a6e3326c0eaec6e2131df0eec86
b536245d5d1912397f06964694ae416b45a26a3bc39021850852c647bee46bab
b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b8483ea5c1d443e6c3e452a647ccba999dc81051a4ff29b9a7bbbc0aca869d4f
ba563163bac0499b6b7f1a9957224e49cea848a69604ce178a9d34cb46e0a132
bac4ad58a5fd50a805c9b5fb87e844c16c61ea654bf12a8067fef84062ad7d31
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc17aba2e2968927fbdbe26ede920ab0c8405778eaef52b009438a5fcf4ea4e6
bc1aaece65e52f7c2678d2b2699182f51ad003a41780a70f985cace566743912
be82ca442c451af6b0d2e8186a7d57bc7e939bbc6e9504d756d306e71e9d13cd
bf373e2200800bb58f0d08066deec54c76281b8990ef41adb7363518ece0dea1
c1dc79c9fc63ac8a67072ab41d426aea6b6cdc397c3b572168e65c15bd5c0e3c
c26aaa5b7a820c774786f40b28be241ddb4257312745121c33b7428699501002
c4b8bf7d4f053b44c856d7abf00f780c7230dba1513b2640493133e048cebace
c4eb49795f7a703429e7012cec0a556e6faf6f551f07cd337f66c5a1ec3a5847
c57e64fcb72bddafa9c38de574441c3e69ac6c961df96b0cad34da83658bd196
c815c49731528111127f7705e82a2d7a8ca5b5e1a1a0435af6e7b0407a842928
c87fcac153783ea615f856ad1c0e12791952c39b8ddde7f11fa3d47c0a3b3998
c8b34d1dc6fe4a35430145b91b748edc088120ef291c09a9dea9e62f87ce3af0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c97698b3250cd1b49dbf0a8990a0dc735704a59469b5dcf7960347f7b81483be
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb12197731dc09800fdafd6a73fb48db5b8d62169139184d0b6fc729192fee50
cb14dfe8ae5aaa4a01824e5fc91c51fb3302150e6143796961e266017ac39817
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cf37c05fbc57b2215d1d3cf68364b3b49f006e891f8ae4d8f5b355c06a3fbde0
d018c3b7866a6fda120b5799d43d38125cd34c7948a9b8d21366f509e65225bc
d3464756d074e73852d37e33c5113f5091731620ec0429917a74f1d6a80d02d5
d3e5d32e12dd4b8462cc89b6ea7b148b63a9f7a80b5879257df116c030c9c10c
d417b6ed49cb6ae3dfe2b0bab5d865472052cd0286a9478c74cbb09a02a56d0d
d6675584b8707b13eb0754b2439048947105a1395198abeccec14ec8d6e482af
d6f514ddc18e496f04ad9fad4afcec13d365dfa49efa5dac94d6fff64b95a623
d878ebabb3e2781a67e68dd513954290a73031c5f08dd17fd4b83f3666ac4ac7
d945db3b417b4db19cba8309582dd7f333976336f0d62bc682e662a8848fe4ee
d9c370831c74b1850d70f5b1c99453d6cda21e5099428a3f21c43bd96c3acb5d
db231971790e0cbafc4b9ea698e905207070577024d8c6485a87576fd79affc1
db3957ef24dc8e7f006157227eb3e0c7a6e8cd1928920da0fc435a86a5a80833
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
dd50a069ce44ef76fe45513ec96933c7184f6972416284323e49e68b934712f7
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfb10d80519eef92b73d18d564188be9de6b6c95c63ecfda24285082cf0e110c
e075a50ed4fe42b9a1e7c1d52a00c71d205a55fa7278b07648078fd7cd7fd5ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e57f584dc164284e3994776f7ddd7de42d54921a30f096ca971f676b2f5942c7
e5f578c050d7a40cfb1cdbc4482159b5177deb5a5cf606cc28cd4a2b42a97734
e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c
e92b5c4af8c5c6115f09955c6aa8577a45c65effe782e0593540f09177f69a29
eb44a6c9baae15c389f2ecec670fe71f14475cf243cc72b07f9651a69cbbfcc5
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
ec8b1b07980996f574075e1b7e895d5d47794b9dcf345a68d60fbb17034f7bef
ece71cd9595c09fec3d17cf9cd1a2b613f32e48fc6e288214593b5091416cb94
eea6d642e525e9a94e8d44468a6712cda3d0d45a63f199eeecee8c25a9702f2f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff50ee97749192a01ffbe5c7d7b3b88d11cc53dcbd6d659b22b37e8cc0754d7
f14b33b9d5a249b41c2c3ab1065df21780f8d7d681c6a745244848dff1845c58
f16c3ea44afc678d334551e6d587690abe2c70306c21cbd41bf675cefe9efe6c
f173fd421b26d6877143a9120fd91f86cd07e4deaa36b9fb2e04dec261ab3462
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f47902a07709d50785bc53f35008816ad6bd598fbae9c5caaf24c7787d6c1c32
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f7daf92d34ab4b3159b92726a0d12c15ea1dac04811e2536192854ca24271201
f8284fe78808e491ea674ba48a37870d58e6cd86f205b4df9207f53be0c9f9dd
fa0a800e4f12cf06e7c477d5eb466532315003015624f253ca451fe3d6fc6596
fa8d2aa34c3125a0fce865a24d0f39bd388269f4ee2c41786dc6c400a023dbb3
fbf5741c417364f80cfe08290c99d22b0e2483f732aafcdc150d8d38711ee2e9
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

cyble.com Open in urlscan Pro 192.0.78.152 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

278 Requests

91 %HTTPS

0 %IPv6

57 Domains

81 Subdomains

70 IPs

5 Countries

8184 kBTransfer

15768 kBSize

89 Cookies

74 Outgoing links

Redirected requests

278 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cyble.com Open in urlscan Pro
192.0.78.152 Public Scan

Screenshot
Live screenshot

Full Image

278
Requests

91 %
HTTPS

0 %
IPv6

57
Domains

81
Subdomains

70
IPs

5
Countries

8184 kB
Transfer

15768 kB
Size

89
Cookies

278 HTTP transactions
0 data transactions