securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Submission: On November 09 via api (November 9th 2020, 2:25:22 pm UTC) from US

Summary HTTP 207 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 44 IPs in 8 countries across 35 domains to perform 207 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to ONEANDONE-AS Brauerstrasse 48, DE. The main domain is securityaffairs.co.
TLS certificate: Issued by GeoTrust RSA CA 2018 on March 8th 2020. Valid for: a year.

This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
43	2001:8d8:100f... 2001:8d8:100f:f000::289	8560 (ONEANDONE...) (ONEANDONE-AS Brauerstrasse 48)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:2b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2600:9000:20e... 2600:9000:20eb:8e00:3:c04e:c780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:219... 2600:9000:2190:7400:1c:8a07:5e80:93a1	16509 (AMAZON-02) (AMAZON-02)
9	68.183.31.14 68.183.31.14	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
11	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE)
27	104.84.56.24 104.84.56.24	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2600:9000:20e... 2600:9000:20eb:8000:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1	2600:9000:219... 2600:9000:2190:b600:c:a9b7:ddc0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	3.121.118.243 3.121.118.243	16509 (AMAZON-02) (AMAZON-02)
2	92.122.188.41 92.122.188.41	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1	104.90.192.189 104.90.192.189	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
6	2606:4700:20:... 2606:4700:20::681a:a9c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2.16.186.66 2.16.186.66	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	172.217.22.66 172.217.22.66	15169 (GOOGLE) (GOOGLE)
10	34.196.9.135 34.196.9.135	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:42d... 2600:1f18:42df:3a00:12da:42aa:e6d2:7a87	14618 (AMAZON-AES) (AMAZON-AES)
2	185.33.221.13 185.33.221.13	29990 (ASN-APPNEX) (ASN-APPNEX)
2	198.148.27.133 198.148.27.133	19189 (PULSEPOINT) (PULSEPOINT)
2	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	18.158.102.26 18.158.102.26	16509 (AMAZON-02) (AMAZON-02)
4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 3	2606:2800:233... 2606:2800:233:97b6:26be:138a:cba8:bb01	15133 (EDGECAST) (EDGECAST)
1	104.19.134.78 104.19.134.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
4	54.153.104.139 54.153.104.139	16509 (AMAZON-02) (AMAZON-02)
5 22	2a00:1450:400... 2a00:1450:4001:81f::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
2	151.101.113.108 151.101.113.108	54113 (FASTLY) (FASTLY)
2 5	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
2	23.210.249.92 23.210.249.92	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	185.29.135.42 185.29.135.42	30419 (MEDIAMATH...) (MEDIAMATH-INC)
12	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
8 8	52.57.230.211 52.57.230.211	16509 (AMAZON-02) (AMAZON-02)
3 3	185.31.128.129 185.31.128.129	54312 (ROCKETFUEL) (ROCKETFUEL)
4 4	52.48.46.226 52.48.46.226	16509 (AMAZON-02) (AMAZON-02)
2 2	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
6 7	213.19.147.150 213.19.147.150	26120 (RHYTHMONE) (RHYTHMONE)
2 2	37.157.6.245 37.157.6.245	198622 (ADFORM) (ADFORM)
207	44

43 2001:8d8:100f:f000::289 (Germany)

ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)

securityaffairs.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:2b (Netherlands)

ASN20446 (HIGHWINDS3, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:8e00:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:7400:1c:8a07:5e80:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

served-by.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 104.84.56.24 (United States)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-84-56-24.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hblg.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:8000:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:b600:c:a9b7:ddc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.118.243 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-118-243.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 92.122.188.41 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a92-122-188-41.deploy.static.akamaitechnologies.com

pxlclnmdecom-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.90.192.189 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-90-192-189.deploy.static.akamaitechnologies.com

adservetx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:a9c (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.66 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-16-186-66.deploy.static.akamaitechnologies.com

qsearch-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.22.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s17-in-f66.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.196.9.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-9-135.compute-1.amazonaws.com

dt.clnmde.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:42df:3a00:12da:42aa:e6d2:7a87 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt6.clnmde.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.13 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.133 (New York, United States)

ASN19189 (PULSEPOINT, US)

bid.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.102.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-102-26.eu-central-1.compute.amazonaws.com

ice.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

pixfuture2-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.162.133.150 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:2800:233:97b6:26be:138a:cba8:bb01 (United States) 2 redirects

ASN15133 (EDGECAST, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.134.78 (United States)

ASN13335 (CLOUDFLARENET, US)

prebid.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

87132910b9c6a19ee7061d955a2f044d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.153.104.139 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-153-104-139.us-west-1.compute.amazonaws.com

navvy.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:81f::2002 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 198.148.27.140 (New York, United States) 2 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.210.249.92 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-92.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.135.42 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 178.162.133.149 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.57.230.211 (Frankfurt am Main, Germany) 8 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-230-211.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.31.128.129 (Netherlands) 3 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.48.46.226 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-46-226.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.162 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 213.19.147.150 (United Kingdom) 6 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.245 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	securityaffairs.co securityaffairs.co	1 MB
32	media.net contextual.media.net adservetx.media.net lg3.media.net navvy.media.net hblg.media.net	538 KB
17	googlesyndication.com pagead2.googlesyndication.com 87132910b9c6a19ee7061d955a2f044d.safeframe.googlesyndication.com tpc.googlesyndication.com	275 KB
15	pixfuture.com served-by.pixfuture.com cdn.pixfuture.com	892 KB
14	sonobi.com apex.go.sonobi.com sync.go.sonobi.com	14 KB
13	wp.com i0.wp.com i1.wp.com i2.wp.com stats.wp.com pixel.wp.com	153 KB
12	doubleclick.net 7 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	102 KB
11	clnmde.com dt.clnmde.com dt6.clnmde.com	4 KB
8	bidswitch.net 8 redirects x.bidswitch.net	3 KB
7	contextweb.com 2 redirects bid.contextweb.com bh.contextweb.com	3 KB
5	1rx.io 5 redirects sync.1rx.io	3 KB
5	googletagservices.com www.googletagservices.com	128 KB
5	sharethis.com ws.sharethis.com platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com	40 KB
4	adsrvr.org 4 redirects match.adsrvr.org	2 KB
4	openx.net pixfuture2-d.openx.net eu-u.openx.net	919 B
4	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	178 B
4	adnxs.com ib.adnxs.com acdn.adnxs.com	1 KB
4	google-analytics.com www.google-analytics.com google-analytics.com	37 KB
3	rfihub.com 3 redirects p.rfihub.com	2 KB
3	google.com adservice.google.com	1 KB
3	google.de adservice.google.de	1 KB
3	advertising.com 2 redirects adserver-us.adtech.advertising.com	801 B
3	akamaihd.net pxlclnmdecom-a.akamaihd.net qsearch-a.akamaihd.net	34 KB
2	adform.net 2 redirects c1.adform.net	590 B
2	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	1 KB
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	googleadservices.com partner.googleadservices.com	294 B
2	360yield.com ice.360yield.com	1 KB
2	facebook.net connect.facebook.net	62 KB
1	mgid.com prebid.mgid.com	593 B
1	gravatar.com secure.gravatar.com	1 KB
1	criteo.com gum.criteo.com	382 B
1	consensu.org c.sharethis.mgr.consensu.org
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	5 KB
0	googleapis.com Failed fonts.googleapis.com Failed
207	35

	Domain	Requested by
43	securityaffairs.co	securityaffairs.co
13	contextual.media.net	securityaffairs.co contextual.media.net
12	sync.go.sonobi.com
11	lg3.media.net	securityaffairs.co contextual.media.net
10	pagead2.googlesyndication.com	cdn.pixfuture.com pagead2.googlesyndication.com securepubads.g.doubleclick.net
10	dt.clnmde.com	pxlclnmdecom-a.akamaihd.net securityaffairs.co
9	served-by.pixfuture.com	securityaffairs.co served-by.pixfuture.com pagead2.googlesyndication.com
8	x.bidswitch.net	8 redirects
6	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
6	cdn.pixfuture.com	served-by.pixfuture.com cdn.pixfuture.com
5	sync.1rx.io	5 redirects
5	cm.g.doubleclick.net	5 redirects
5	bh.contextweb.com	2 redirects cdn.pixfuture.com
5	www.googletagservices.com	securityaffairs.co securepubads.g.doubleclick.net pagead2.googlesyndication.com
5	i1.wp.com	securityaffairs.co
4	match.adsrvr.org	4 redirects
4	navvy.media.net	contextual.media.net
4	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net securityaffairs.co
3	p.rfihub.com	3 redirects
3	hblg.media.net
3	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com
3	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	adservice.google.de	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	adserver-us.adtech.advertising.com	2 redirects securityaffairs.co
3	www.google-analytics.com	securityaffairs.co www.google-analytics.com
3	i2.wp.com	securityaffairs.co
3	i0.wp.com	securityaffairs.co
2	c1.adform.net	2 redirects
2	sync.targeting.unrulymedia.com	1 redirects
2	sync.mathtag.com	2 redirects
2	ads.pubmatic.com	cdn.pixfuture.com
2	eu-u.openx.net	cdn.pixfuture.com
2	acdn.adnxs.com	cdn.pixfuture.com
2	partner.googleadservices.com	pagead2.googlesyndication.com
2	apex.go.sonobi.com	cdn.pixfuture.com
2	pixfuture2-d.openx.net	cdn.pixfuture.com
2	ice.360yield.com	cdn.pixfuture.com
2	hbopenbid.pubmatic.com	cdn.pixfuture.com
2	bid.contextweb.com	cdn.pixfuture.com
2	ib.adnxs.com	cdn.pixfuture.com
2	pxlclnmdecom-a.akamaihd.net	contextual.media.net pxlclnmdecom-a.akamaihd.net
2	l.sharethis.com	ws.sharethis.com securityaffairs.co
2	connect.facebook.net	securityaffairs.co connect.facebook.net
1	87132910b9c6a19ee7061d955a2f044d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	prebid.mgid.com	cdn.pixfuture.com
1	dt6.clnmde.com	securityaffairs.co
1	qsearch-a.akamaihd.net	securityaffairs.co
1	pixel.wp.com	securityaffairs.co
1	secure.gravatar.com	securityaffairs.co
1	adservetx.media.net	contextual.media.net
1	gum.criteo.com	contextual.media.net
1	c.sharethis.mgr.consensu.org	ws.sharethis.com
1	google-analytics.com	securityaffairs.co
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	stats.wp.com	securityaffairs.co
1	platform-api.sharethis.com	securityaffairs.co
1	ws.sharethis.com	securityaffairs.co
1	maxcdn.bootstrapcdn.com	securityaffairs.co
0	fonts.googleapis.com Failed	securityaffairs.co
207	59

This site contains links to these domains. Also see Links.

Domain
www.wmcglobal.com
www.linkedin.com
www.facebook.com
twitter.com
reddit.com
www.pinterest.com
plus.google.com
www.tumblr.com
www.cssii.unifi.it

Subject Issuer	Validity	Valid
www.securityaffairs.co GeoTrust RSA CA 2018	`2020-03-08` - `2021-04-07`	a year	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-09-22` - `2021-10-12`	a year	crt.sh
sharethis.com Amazon	`2020-08-17` - `2021-09-16`	a year	crt.sh
*.pixfuture.com Sectigo RSA Domain Validation Secure Server CA	`2019-12-03` - `2021-12-02`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
sharethis.mgr.consensu.org Amazon	`2020-05-05` - `2021-06-05`	a year	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2020-07-15` - `2021-09-13`	a year	crt.sh
*.criteo.com DigiCert ECC Secure Server CA	`2020-09-04` - `2020-12-03`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-18` - `2021-07-18`	a year	crt.sh
*.clnmde.com Amazon	`2020-06-04` - `2021-07-04`	a year	crt.sh
dt6.clnmde.com Amazon	`2020-04-27` - `2021-05-27`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.360yield.com Amazon	`2020-08-26` - `2021-09-26`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2019-02-01` - `2021-02-04`	2 years	crt.sh
*.adtech.advertising.com DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
*.google.de GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-29` - `2021-04-14`	5 months	crt.sh
*.targeting.unrulymedia.com DigiCert SHA2 Secure Server CA	`2020-05-04` - `2022-05-09`	2 years	crt.sh

This page contains 30 frames:

Primary Page: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Frame ID: 0F5A3CB5B74A54CB1D2A181F12A8BEEE
Requests: 106 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal-v2.html
Frame ID: CADA86CE89B53B143C613FA9477C5CE3
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=creative,office,365,phishing,inverts,images,avoid,detection,botssecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Frame ID: 18B29402E3948216C7DA42245BDF1B1F
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=creative,office,365,phishing,inverts,images,avoid,detection,botssecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Frame ID: A972CF2CA948CF7103FACB7B38B2B89E
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HB41O6BH&prvid=77%2C80%2C82%2C97%2C109%2C148%2C175%2C178%2C184%2C188%2C192%2C193%2C201%2C203%2C214%2C222%2C226%2C3008&rtime=8&https=1&usp_status=0&usp_consent=1
Frame ID: 35DBC02F204E227282FC80B7FDE40E55
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: C9334770DE19B65D52E515D093DEEBFF
Requests: 10 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/djax_elastic.js
Frame ID: 48137FF4206C78F2509EF1ECF0CFC264
Requests: 18 HTTP requests in this frame

Frame: https://pxlclnmdecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=3
Frame ID: ADFBBEA1299B2CBA00FB5E2F59CBDC7F
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/djax_elastic.js
Frame ID: 84B96D787153D8C91BAF7EB3ACB39187
Requests: 20 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV15477.js
Frame ID: 0702BE11069D9DDD083278615A0DC0E8
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV15477.js
Frame ID: 44C4862F7A1B6C89B0C49310ED815CBC
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 82ABEA34E83F29078EEA3C0A234FC841
Requests: 9 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV15477.js
Frame ID: DEE099BDA4A1ABCA5624C5E3C548A995
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201104/r20190131/zrt_lookup.html
Frame ID: 344C672F16808B2EDA3E266C5830DDC3
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvEb4S7AENwZ4Abw8KxzppIWqFwNP82JlaLWWBK4RyR1POS6xdWQy8VzHxOttyb7Hme_vmyrJYlCpKC4-l3JZyOldpezW9HPwAbAw0YP5ldnIZdZpb3REljysak2FATB2Dh26eAAWz3CyWyKnLAXCycuWeLtOJCxFzZllLrYO8lc0hueZXainZgwZH_Ilg0KI8SjgWEeLX6q778O-mA8nfjFTf9VerUNtfsgxwGZTsf6r0URRazMLXi_CfVfFx3Y48UvTlD7xMG7-HQDPVOpG8935us5nVVWUEqmfwMZgmL5gSKQ0WPiDqFUgO3AQ&sai=AMfl-YQVWOG-UC6G0OfmBwsjyvt30zIQ9sADqVBVSClzEpn3bN1XAOx04waf52OUOREciQnjjiQc6pAO-_Wt1IOBx-cbF6Vym70Ocm5wEQNY1U__BezFaJeS9fY4r0J-yj4&sig=Cg0ArKJSzAShHtrLT22hEAE&urlfix=1&adurl=
Frame ID: 2079D0F0AD93E3AD2B40E5D3A62C7407
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV15477.js
Frame ID: C1EADE7BF6E63266F446801E2D12A810
Requests: 3 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5531
Frame ID: F8D5DBF20A9583849A495839486B12D2
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: C0A8D993DC928EB3530EDA894459BE1D
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 066A48DE070960630D1F3CE403DE50F5
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5529
Frame ID: 4832898B165D3B66E83D7D39D92A0EB6
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 8BD0CC6E5EC954F1174104D37C6D7303
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: 28F80892197EF0DA8B52FA3D1C698AD3
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch
Frame ID: 6D75C7C8838A21AF9DB45A653EB69E41
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: FC90B1CD0C4535063D89C9F67733EBB8
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: FCA756B0852D5A0A05C5907A322A9AD9
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: 8978BD5D93105DF5C113AA558709EADC
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 233DFFB56EEEB082FE4BD6C8D0240C4B
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 85B76FB70DBE0D4001444FD290865C86
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch
Frame ID: 08CAD85837E088B289FF082839E0790B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 250274F24078A837DFE895D0AA8DAEBF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

207
Requests

98 %
HTTPS

41 %
IPv6

35
Domains

59
Subdomains

44
IPs

8
Countries

3414 kB
Transfer

5836 kB
Size

19
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.wmcglobal.com/blog/office-365-phishing-uses-image-inversion-to-bypass-detection
Title: reads the analysis

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html&text=Creative%20Office%20365%20phishing%20inverts%20images%20to%20avoid%20detection%20bots%20
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html
Title: Linkedin

Search URL Search Domain Scan URL

URL: http://reddit.com/submit?url=https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html&title=Creative%20Office%20365%20phishing%20inverts%20images%20to%20avoid%20detection%20bots
Title: Reddit

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html&media=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Fwp-includes%2Fimages%2Fmedia%2Fdefault.png

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html

Search URL Search Domain Scan URL

URL: https://www.cssii.unifi.it/vp-89-il-center.html

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 112

https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=17ef4b6f445fc78;misc=1604931905396; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;cfp=1;rndc=1604931905;v=2;cmd=bid;cors=yes;alias=17ef4b6f445fc78;misc=1604931905396 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;apid=1A5ce2f1d2-2297-11eb-9854-122c64aa8f2c;cfp=1;rndc=1604931905;v=2;cmd=bid;cors=yes;alias=17ef4b6f445fc78;misc=1604931905396

Request Chain 159

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492131&pi=t.ma~as.1139220782&w=320&lmt=1604931906&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604931905971&bpp=20&bdt=207&idt=317&shv=r20201104&cbv=r20190131&ptt=5&saldr=sa&cookie=ID%3D04e136036035515d-222356112ab9005d%3AT%3D1604931906%3AS%3DALNI_MYVH1nnTqTGOq058EufK0X4M8jKrw&correlator=6994769032442&frm=21&ife=1&pv=2&ga_vid=2088939211.1604931904&ga_sid=1604931906&ga_hid=262028754&ga_fc=1&iag=63&icsg=650&nhd=3&dssz=7&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=1035&biw=1600&bih=1200&isw=320&ish=50&ifk=2019656986&scr_x=0&scr_y=0&eid=21068433%2C21066706%2C44730556&oid=3&pvsid=33792675344121&pem=283&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.8zm2trni3dj4&fsb=1&xpc=zM849LvDKT&p=https%3A//securityaffairs.co&dtd=336 HTTP 302
https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5531

Request Chain 173

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1357492128&pi=t.ma~as.1680648786&w=300&lmt=1604931906&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604931906493&bpp=6&bdt=173&idt=225&shv=r20201104&cbv=r20190131&ptt=5&saldr=sa&cookie=ID%3D04e136036035515d-222356112ab9005d%3AT%3D1604931906%3AS%3DALNI_MYVH1nnTqTGOq058EufK0X4M8jKrw&correlator=6994769032442&frm=21&ife=1&pv=1&ga_vid=2088939211.1604931904&ga_sid=1604931907&ga_hid=1014909975&ga_fc=1&iag=63&icsg=650&nhd=3&dssz=7&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=2716&biw=1600&bih=1200&isw=300&ish=250&ifk=1398934220&scr_x=0&scr_y=0&oid=3&pvsid=1654642772438112&pem=283&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.n7d3zvw6qf5f&btvi=1&fsb=1&xpc=nEsmjrVKmM&p=https%3A//securityaffairs.co&dtd=232 HTTP 302
https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5529

Request Chain 182

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=4cd85fa9-5142-4500-9c42-05a43a90bff2

Request Chain 183

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi HTTP 302
https://p.rfihub.com/cm?in=1&pub=20513&ssp=sonobi HTTP 302
https://x.bidswitch.net/sync?dsp_id=119&user_id=1041246337751330528&expires=30&ssp=sonobi HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=63fca01c-1550-419f-8ed6-6ab59872bdb1

Request Chain 184

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=1da2a11e-6561-4478-be28-cf4996762e56&pubid=0b24fdfc82

Request Chain 185

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YzM5YTI3YTAtMzJjMS00YjY5LTk3MTEtYmYyMThkYzE0OGU5 HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEHQBuDb4rVOShT2uUr0XTag&google_cver=1

Request Chain 186

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041246337751330528

Request Chain 187

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2856971095 HTTP 302
https://sync.1rx.io/usersync/tradedesk/1da2a11e-6561-4478-be28-cf4996762e56 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-7e90ea35-a231-472c-b44d-f7da1079f3b4-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-7e90ea35-a231-472c-b44d-f7da1079f3b4-003 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-7e90ea35-a231-472c-b44d-f7da1079f3b4-003

Request Chain 188

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=c39a27a0-32c1-4b69-9711-bf218dc148e9&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=QmJqTUgwd3IwaGJfaHRPelpSY0huZw&gdpr=&gdpr_consent= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKa8maFRJRxYvCwW5eZoGNM&google_cver=1

Request Chain 197

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-7e90ea35-a231-472c-b44d-f7da1079f3b4-003&rndcb=1296106699 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=adconductor&user_id=RX-7e90ea35-a231-472c-b44d-f7da1079f3b4-003&rndcb=1296106699 HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=adconductor HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=adconductor HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=8380723203550161504&ssp=adconductor HTTP 302
https://sync.1rx.io/usersync/bidswitch/87ad9391-c956-4e30-8ba5-207788058c53?gdpr=&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync/bidswitch/87ad9391-c956-4e30-8ba5-207788058c53?zcc=1&dspret=0&cb=1604931908194 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-2dc46f89-d12f-4f0c-9d84-86ec8e958bd5-003

Request Chain 198

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=c0ba5fa9-5143-4d00-ace1-625483b2a5e1

Request Chain 199

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041246337751330528

Request Chain 200

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=1da2a11e-6561-4478-be28-cf4996762e56&pubid=0b24fdfc82

Request Chain 201

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=63fca01c-1550-419f-8ed6-6ab59872bdb1&google_hm=NjNmY2EwMWMtMTU1MC00MTlmLThlZDYtNmFiNTk4NzJiZGIx HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm=&google_sc=&ssp=sonobi&bsw_param=63fca01c-1550-419f-8ed6-6ab59872bdb1&google_hm=NjNmY2EwMWMtMTU1MC00MTlmLThlZDYtNmFiNTk4NzJiZGIx&google_tc= HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESECEw3MwqxHTGf_zGnrqXEFg&google_cver=1&ssp=sonobi&bsw_param=63fca01c-1550-419f-8ed6-6ab59872bdb1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=87ad9391-c956-4e30-8ba5-207788058c53

Request Chain 206

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=ZTg0MzNjODUtODY1Ni00YzQyLThiOTUtMDkxOTUxMzdlYjUw HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEHQBuDb4rVOShT2uUr0XTag&google_cver=1

Request Chain 207

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=e8433c85-8656-4c42-8b95-09195137eb50&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=hVM64bSguDBw

207 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request office-365-phishing-inverts-images.html Show response
securityaffairs.co/wordpress/110554/cyber-crime/ 82 KB
22 KB 102ms
77ms Document
text/html 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache / PHP/7.2.34
Resource Hash: 131388da120ce67d1568126f80a9963eacd1aa6c87ce8bfbd200fc95970c98fa

Request headers

:method: GET
:authority: securityaffairs.co
:scheme: https
:path: /wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-type: text/html; charset=UTF-8
date: Mon, 09 Nov 2020 14:25:03 GMT
server: Apache
vary: Accept-Encoding,Cookie
x-powered-by: PHP/7.2.34
x-pingback: https://securityaffairs.co/wordpress/xmlrpc.php
link: <https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/110554>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=110554>; rel=shortlink
content-encoding: gzip

GET
H2 200 style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 64 KB
64 KB 36ms
26ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 093fa1b3be5a5ed806dc8873e932ce049231b1b9bab39fb85e63ab8229d57c0b

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Tue, 01 Sep 2020 21:33:33 GMT
server: Apache
etag: "fe23-5ae47455cdf29"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 65059

GET
H2 200 cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 3 KB
3 KB 44ms
35ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=1.9.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Thu, 22 Oct 2020 21:56:11 GMT
server: Apache
etag: "c25-5b249883e14c0"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 3109

GET
H2 200 cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 27 KB
27 KB 30ms
21ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=1.9.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: d44b68c7b3e659196a6a72662f4e2e903044d6e64a6a5c0002602711cd68a8fa

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Thu, 22 Oct 2020 21:56:11 GMT
server: Apache
etag: "6cdf-5b249883e14c0"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 27871

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
5 KB 16ms
7ms Stylesheet
text/css 2001:4de0:ac19::1:b:2b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=d2c1d626d6d17b7c784678224f6cb29e

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:35:19 GMT
status: 200
etag: "1544639719"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 5442

GET
H2 200 frontend.css
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/css/ 7 KB
7 KB 44ms
35ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/css/frontend.css?ver=1604931219
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 24583638f8c4bd2d5dff22bddefbb24f8d047868e71ad2c029b1698b6926c85c

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 04 Nov 2020 00:33:04 GMT
server: Apache
etag: "1c69-5b33d1f62633e"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 7273

GET
H2 200 custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 19 KB
20 KB 47ms
38ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 13:54:59 GMT
server: Apache
etag: "4d92-52704407f72c0"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 19858

GET
H2 200 tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 539 B
683 B 45ms
37ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
etag: "21b-526fe6d7cd700"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 539

GET
H2 200 flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 6 KB
6 KB 46ms
39ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 13:55:09 GMT
server: Apache
etag: "1851-5270441180940"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 6225

GET
H2 200 mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 11 KB
11 KB 44ms
37ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.13-9993131
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: b834a80037718e3da7f92199034dc59611ed774af41f1e84fa1e0d97c4261192

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 13 Nov 2019 23:52:08 GMT
server: Apache
etag: "2ca1-597430d7ee92b"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 11425

GET
H2 200 animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 2 KB
2 KB 46ms
16ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
etag: "6b4-526fe6d5e5280"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 1716

GET
H2 200 font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 17 KB
18 KB 63ms
19ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
etag: "4574-526fe6d5e5280"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 17780

GET
H2 200 swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
5 KB 64ms
20ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
etag: "118d-526fe6e527680"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 4493

GET
H2 200 jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 334 B
478 B 66ms
23ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
etag: "14e-526fe6d5e5280"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 334

GET
H2 200 screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 110 KB
110 KB 72ms
25ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
etag: "1b844-526fe6d7cd700"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 112708

GET
H2 200 custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 12 KB
12 KB 109ms
62ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache / PHP/7.2.34
Resource Hash: 18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 09 Nov 2020 14:25:03 GMT
server: Apache
x-powered-by: PHP/7.2.34
content-type: text/css; charset: UTF-8;charset=UTF-8

GET
H2 200 grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 49 KB
50 KB 72ms
26ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:03 GMT
server: Apache
etag: "c5f2-526fe6d6d94c0"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 50674

GET
H2 200 frontend.js Show response
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 23 KB
23 KB 72ms
26ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend.js?ver=1604931219
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 9b5b9b8b1984a7b55656ca3d243deb436e049467353f6e61e73ac8bd0ab2a636

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 04 Nov 2020 00:33:04 GMT
server: Apache
etag: "5b01-5b33d1f631ebe"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 23297

GET
H2 200 jquery.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 95 KB
95 KB 71ms
26ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Tue, 21 May 2019 21:49:10 GMT
server: Apache
etag: "17a69-5896cd1a361be"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 96873

GET
H2 200 cookie-law-info-public.js Show response
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 33 KB
33 KB 82ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=1.9.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: fec6411c0449c2f2b631cdb40900e968c49501f4e92e7b12e75e1e1bc6ed2813

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Thu, 22 Oct 2020 21:56:11 GMT
server: Apache
etag: "8344-5b249883e2460"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 33604

GET
H2 200 medianetAdInjector.js Show response
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 741 B
895 B 81ms
20ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.8
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: c8817bacfc84fd39e4daec4096011ed3d117c7fe8b3c55fdd22af47c299099bc

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Fri, 06 Nov 2020 18:52:54 GMT
server: Apache
etag: "2e5-5b374b8664727"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 741

GET
H2 200 st_insights.js Show response
ws.sharethis.com/button/ 25 KB
8 KB 34ms
9ms Script
application/javascript 2600:9000:20eb:8e00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:8e00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 6d7d8b5166693d824356fd913840d94a4e76e9377f67035401b01c5ed1d23362

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 07 Nov 2020 19:39:59 GMT
content-encoding: gzip
age: 153904
x-cache: Hit from cloudfront
status: 200
content-length: 7332
server: nginx/1.16.1
etag: W/"5f80b334-63df"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: FRA2-C1
x-robots-tag: noindex, nofollow
x-amz-cf-id: C3jQQ7noLVU3JBj732quhhNjnLpLv58NdhRT9-Afd061BBwNswsJvA==
expires: Tue, 10 Nov 2020 19:39:59 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 99 KB
31 KB 44ms
14ms Script
text/javascript 2600:9000:2190:7400:1c:8a07:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:7400:1c:8a07:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ca435c33acbc343c9a3db08401ea0b95c724474a8deea44bb6cce17b005739a9

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:15:53 GMT
content-encoding: gzip
age: 550
etag: W/"18c2e-6rpOsMxFDVyDuEwBnEXQU9fd1Kk"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
status: 200
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: L7DXzn11ziRI6uUoCL-RylTq8yxjwE9NU9gvvPewjNaOld3LAT682Q==
via: 1.1 d7147e532e5cf73689fcb39fa760bcf3.cloudfront.net (CloudFront)

GET
H2 200 shield-antibot.js Show response
securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/ 3 KB
3 KB 82ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/shield-antibot.js?ver=10.0.3&mtime=1603749411
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: d24350e3a8c6e3963544189c3d0cfcd8c11e5dbac0de76aace83993b7d16dcf6

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Mon, 26 Oct 2020 21:56:51 GMT
server: Apache
etag: "c00-5b29a01fc2042"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 3072

GET
H2 200 logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 44 KB
44 KB 17ms
16ms Image
image/png 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 17:30:42 GMT
server: Apache
etag: "b0e9-5270743f5f480"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 45289

GET
H/1.1 200
OK headerbid.js Show response
served-by.pixfuture.com/www/delivery/ 3 KB
4 KB 348ms
115ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 177d76801bdbecdb0d27109e118ae54a929156deac8ca44b46924a5c0f43cd7a

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 14:25:04 GMT
Last-Modified: Mon, 26 Oct 2020 19:24:56 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5f972288-d42"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 3394
Expires: Wed, 11 Nov 2020 14:25:04 GMT

GET
H2 200 facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 830 B
1 KB 73ms
24ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 09 Nov 2020 14:25:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:34:29 GMT
server: nginx
status: 200
etag: "509a053c355d6394"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length: 830
expires: Sat, 11 Jun 2022 08:34:29 GMT

GET
H2 200 twitter.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 25ms
24ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 09 Nov 2020 14:25:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
status: 200
etag: "fbafb4fa36d9fc66"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length: 1082
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 linkedin.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 24ms
23ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 09 Nov 2020 14:25:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
status: 200
etag: "8daaaf021369fdba"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length: 1184
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 reddit.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 2 KB
2 KB 25ms
24ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/reddit.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

56159a7fa211c042c8da7005984653715f938917383f74292247f7b271469fb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 09 Nov 2020 14:25:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:18:21 GMT
server: nginx
status: 200
etag: "6a02164672eeeebc"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/reddit.png>; rel="canonical"
content-length: 1566
expires: Sat, 11 Jun 2022 08:18:21 GMT

GET
H2 200 pinterest.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
2 KB 24ms
23ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/pinterest.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

936c3e0cfba7a07ab55be383aeca9d39dcde7b4e9cddbfd973f78e34d3cc7078

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 09 Nov 2020 14:25:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
status: 200
etag: "68e3fd8215972705"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/pinterest.png>; rel="canonical"
content-length: 1498
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9ec9a8bba6033a826d008ae08eb131a0e9f4f8699615d2a0b0998069ca415a75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: QF4DlygB8B6CjOJUDhhfpg==
status: 200
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 1780
etag: "d0da9e66745917f4b630fb36b3055346"
x-fb-debug: /JJ/MZ6krVB+GtGPwAc6zyxxMD1LJRnp7FAgNwAnF+EV9vittS3fAf8W1GZcnINaKSDKim8zD5xe3Nr2BQlWew==
x-fb-trip-id: 664085054
x-fb-content-md5: 319345b4cb009221687e71b1d88c33e1
date: Mon, 09 Nov 2020 14:25:04 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 09 Nov 2020 14:25:22 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 4156
date: Mon, 09 Nov 2020 13:15:48 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Mon, 09 Nov 2020 15:15:48 GMT

GET
H2 200 twemoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 27 KB
28 KB 16ms
16ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: ee657fa9cbe48aeeda44b31ed4ae2ca1d021a82e301e36a456eafb7c8dda7fb7

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:04 GMT
last-modified: Tue, 11 Aug 2020 22:24:47 GMT
server: Apache
etag: "6d6a-5aca189f1cc8c"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 28010

GET
H2 200 wp-emoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 9 KB
9 KB 16ms
16ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:04 GMT
last-modified: Tue, 31 Mar 2020 22:49:14 GMT
server: Apache
etag: "231d-5a22e608152f1"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 8989

GET css
fonts.googleapis.com/ 0
0

GET
H2 200 ransomware.jpg
securityaffairs.co/wordpress/wp-content/uploads/2019/06/ 175 KB
176 KB 22ms
18ms Image
image/jpeg 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2019/06/ransomware.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 6828f1bdae5c7b89d801df314049a2d65159a4284ee530e5c848a153eadf8c87

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:04 GMT
last-modified: Wed, 26 Jun 2019 13:32:34 GMT
server: Apache
etag: "2bcb0-58c3a13f98fef"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 179376

GET
H2 200 Rule-41-google-fbi-2.jpg
securityaffairs.co/wordpress/wp-content/uploads/2015/02/ 24 KB
25 KB 24ms
19ms Image
image/jpeg 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/02/Rule-41-google-fbi-2.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: d0f54fc7ceba0a3a87836b41b32f92c4410ebbe24f096687ecd267436c2878c7

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:04 GMT
last-modified: Wed, 16 Dec 2015 11:34:42 GMT
server: Apache
etag: "6182-527024ace3880"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 24962

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 483 KB
152 KB 133ms
74ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8095a4e6a6bde1923548e322ec829f77c084bd89b473613d85184d241e4a8f5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-mnt-h: 12-11
content-encoding: gzip
server: Apache
etag: "e179645ba4baf701dd9014cc6119842c"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=300
date: Mon, 09 Nov 2020 14:25:04 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-3
x-akamai-path-stats: [3:155244:5756:-],[1:47:314953:0],[1:12024:4294963272]
expires: Mon, 09 Nov 2020 14:30:04 GMT

GET
H2 200 Bigbasket-data-leak.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/11/ 12 KB
12 KB 32ms
28ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/11/Bigbasket-data-leak.png?resize=300%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

903ce9b6f8ccaab71d7136e6f2d0a63cd8a189a1bf76c5466aeb3764ba48602e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 09 Nov 2020 14:25:04 GMT
x-content-type-options: nosniff
last-modified: Sat, 07 Nov 2020 23:02:18 GMT
server: nginx
status: 200
etag: "635626d478864876"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/11/Bigbasket-data-leak.png>; rel="canonical"
content-length: 11830
expires: Tue, 08 Nov 2022 11:02:18 GMT

GET
H2 200 ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 122 KB
122 KB 19ms
18ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: f4d4eda42f85c6ccbbb5de2aff596085b3b1d380c8585464f2e53df2cad66f8e

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Sep 2020 22:37:21 GMT
server: Apache
etag: "1e76e-5af75e92c24d8"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 124782

GET
H2 200 photon.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 2 KB
2 KB 17ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Sat, 10 Oct 2020 22:05:37 GMT
server: Apache
etag: "6e0-5b15843e6a4e8"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 1760

GET
H2 200 jquery.adrotate.clicktracker.js Show response
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 365 B
519 B 18ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 28 Oct 2020 23:32:56 GMT
server: Apache
etag: "16d-5b2c39545582b"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 365

GET
H2 200 ssba.js Show response
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
2 KB 17ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Sep 2020 22:37:21 GMT
server: Apache
etag: "792-5af75e92c8298"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 1938

GET
H2 200 hint.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 987 B
1 KB 16ms
16ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "3db-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 987

GET
H2 200 jquery.tipsy.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
4 KB 16ms
16ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "1113-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 4371

GET
H2 200 jquery.easing.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "1fa1-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 8097

GET
H2 200 browser.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 25ms
25ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
etag: "a36-526fe6e33f200"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 2614

GET
H2 200 jquery.flexslider-min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 21 KB
21 KB 18ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 13:55:10 GMT
server: Apache
etag: "53ae-5270441274b80"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 21422

GET
H2 200 waypoints.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
etag: "1f6c-526fe6e527680"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 8044

GET
H2 200 mediaelement-and-player.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 69 KB
70 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 13:55:14 GMT
server: Apache
etag: "11571-5270441645480"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 71025

GET
H2 200 jquery.swipebox.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 11 KB
11 KB 20ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "2a67-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 10855

GET
H2 200 jquery.circliful.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 17ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "c18-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 3096

GET
H2 200 jquery.smarticker.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 13 KB
13 KB 17ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "3225-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 12837

GET
H2 200 custom.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 12 KB
13 KB 17ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
etag: "31d4-526fe6e33f200"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 12756

GET
H2 200 wp-embed.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 3 KB
3 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-embed.js?ver=d2c1d626d6d17b7c784678224f6cb29e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:03 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
etag: "c8e-5826f6315ef61"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 3214

GET
H2 200 e-202046.js Show response
stats.wp.com/ 9 KB
3 KB 28ms
25ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202046.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 09 Nov 2020 14:25:04 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
expires: Sun, 07 Nov 2021 07:51:19 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 195 KB
59 KB 19ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=a579d142681feb540257771aafc752e1&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b3c067874311b0e0826604e43f39884972f14f61c0f3d965086496a7bfd463d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: pPWrDGsI0mU9dbJ388Dlrg==
status: 200
cross-origin-resource-policy: cross-origin
content-length: 60117
etag: "b3f70152bc40c9b7f906fe5d1a9c5c56"
x-fb-debug: pwfIB08O5fbIgBVcn684wEgzWtPv88bOQaXuBxWhxRLA/japYHWghXZQTqHy/r87vbhCvuWk5uz6hGiboBVlDw==
x-fb-trip-id: 664085054
x-fb-content-md5: cfbb5e5c94deb9309c8dc6155b94fbfc
x-frame-options: DENY
date: Mon, 09 Nov 2020 14:25:04 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Tue, 09 Nov 2021 12:17:07 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
67 B 13ms
13ms XHR
text/plain 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1923374361&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&ul=en-us&de=UTF-8&dt=Creative%20Office%20365%20phishing%20inverts%20images%20to%20avoid%20detection%20botsSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABCAAAAC~&jid=1752254510&gjid=1066434378&cid=2088939211.1604931904&tid=UA-59069958-1&_gid=52806587.1604931904&_r=1&_slc=1&did=dNDMyYj&z=1544224822

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5b71b64b04b9a500117b1015.js Show response
buttons-config.sharethis.com/js/ 30 B
364 B 61ms
29ms Script
text/javascript 2600:9000:20eb:8000:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:8000:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:04 GMT
via: 1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
last-modified: Mon, 13 Aug 2018 16:48:12 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "e6e1643313740711175f51662a65b42f"
x-cache: Hit from cloudfront
content-type: text/javascript
status: 200
cache-control: max-age=60,public
accept-ranges: bytes
content-length: 30
x-amz-cf-id: pQ2oU2KLbJ-TdrM21NLMhpI6FDw7PiERGBTBHbxrd6ONvm2VOSIU6g==

GET
H2 200 analytics.js Show response
google-analytics.com/ 46 KB
18 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 2415
date: Mon, 09 Nov 2020 13:44:49 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Mon, 09 Nov 2020 15:44:49 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
63 B 8ms
6ms Image
image/gif 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1923374361&t=pageview&_s=2&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&ul=en-us&de=UTF-8&dt=Creative%20Office%20365%20phishing%20inverts%20images%20to%20avoid%20detection%20botsSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAUABCAAAAC~&jid=&gjid=&cid=2088939211.1604931904&tid=UA-59069958-1&_gid=52806587.1604931904&did=dNDMyYj&z=882154404

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 11:17:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 11251
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 43 KB
44 KB 22ms
22ms Font
application/font-woff 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:04 GMT
last-modified: Wed, 16 Dec 2015 06:58:09 GMT
server: Apache
etag: "ad90-526fe6dc92240"
content-type: application/font-woff
status: 200
accept-ranges: bytes
content-length: 44432

GET
H2 200 portal-v2.html
c.sharethis.mgr.consensu.org/v1.0/cmp/ Frame CADA 0
0 41ms
12ms Document
text/html 2600:9000:2190:b600:c:a9b7:ddc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal-v2.html
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:b600:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: c.sharethis.mgr.consensu.org
:scheme: https
:path: /v1.0/cmp/portal-v2.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

status: 200
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-encoding: gzip
last-modified: Thu, 01 Oct 2020 18:27:43 GMT
cache-control: max-age=3600, public
date: Mon, 09 Nov 2020 14:04:09 GMT
etag: W/"83a-174e56b8518"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4e0fd86f7afa735e772d6f7fe5e91f5b.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: -FRhTAQYeBLYXXNRStPYH4GdQ1w6gIeA7sc0iNSVB0CFlqlcHXY6Yw==
age: 1255

GET
H/1.1 200
OK headerbid_refresh_alex.php Show response
served-by.pixfuture.com/www/delivery/ Frame 18B2 6 KB
7 KB 143ms
142ms Script
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=creative,office,365,phishing,inverts,images,avoid,detection,botssecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: ea0f5d6f76c2280afc4a467dae93d8fa36d1ce6c8ce491dde0c9203a6269dd23

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:04 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Wed, 11 Nov 2020 14:25:04 GMT

GET
H2 200 nmedianet.js Show response
contextual.media.net/ 481 KB
151 KB 78ms
78ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

abc6a3677d9cf550a5f52211b5f6f5e3440dc7bb8c2fed463607c82e7ab58449

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-mnt-h: 10-3
content-encoding: gzip
server: Apache
etag: "9f80f0083507fa3f203896147a027176"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=300
date: Mon, 09 Nov 2020 14:25:04 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-9
expires: Mon, 09 Nov 2020 14:30:04 GMT

GET
H2 200 phishing-Office-365-1.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/11/ 65 KB
65 KB 42ms
41ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/11/phishing-Office-365-1.png?resize=1024%2C768&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

cc93088d94bf31e9a15b335fdd7bf6969b7f08e1a0c3571e15481014eeb0ee7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 09 Nov 2020 14:25:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 08 Nov 2020 10:42:06 GMT
server: nginx
status: 200
etag: "bdeb5756dfb63d50"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/11/phishing-Office-365-1.png>; rel="canonical"
content-length: 66096
expires: Tue, 08 Nov 2022 22:42:06 GMT

GET
H2 200 phishing-Office-365-2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/11/ 42 KB
42 KB 42ms
42ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/11/phishing-Office-365-2.png?resize=1024%2C546&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

f58b1701ba7fcf6fb74d840cb8a4c97f4efb95d472df04a71eb7d43b2595b94f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 09 Nov 2020 14:25:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 08 Nov 2020 10:44:47 GMT
server: nginx
status: 200
etag: "616e0868fd6dacd5"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/11/phishing-Office-365-2.png>; rel="canonical"
content-length: 42678
expires: Tue, 08 Nov 2022 22:44:47 GMT

GET
H/1.1 200
OK headerbid_refresh_alex.php Show response
served-by.pixfuture.com/www/delivery/ Frame A972 6 KB
7 KB 313ms
215ms Script
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=creative,office,365,phishing,inverts,images,avoid,detection,botssecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 63887511de2844bdf198ee78040bc15b4425a39950ecf0ea317155525e98c379

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:04 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Wed, 11 Nov 2020 14:25:04 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
340 B 107ms
28ms XHR
text/plain 3.121.118.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1604931904437.55388&hostname=securityaffairs.co&location=%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&bsamesite=true&consentDomain=.consensu.org&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&title=Creative%20Office%20365%20phishing%20inverts%20images%20to%20avoid%20detection%20botsSecurity%20Affairs&sop=false&description=Experts%20spotted%20a%20creative%20Office%20365%20phishing%20campaign%20that%20inverts%20images%20used%20as%20backgrounds%20for%20landing%20pages%20to%20avoid%20getting%20flagged%20as%20malicious.%20Researchers%20at%20WMC%20Global%20have%20spotted%20a%20new%20creative%20Office%20365%20phishing%20campaign%20that%20has%20been%20inverting%20images%20used%20as%20backgrounds%20for%20landing%20pages%20to%20avoid%20getting%20flagged%20as%20malicious%20by%20security%20%5B%E2%80%A6%5D
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.121.118.243 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-118-243.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 14:25:04 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK browserfp.min.js Show response
pxlclnmdecom-a.akamaihd.net/javascripts/ 107 KB
33 KB 152ms
67ms Script
text/javascript 92.122.188.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 92.122.188.41 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a92-122-188-41.deploy.static.akamaitechnologies.com
Software: / Express
Resource Hash: ff660368b0ed9c7d71ca4acc7178764ba4a016dc8f2d1611dd0922a90af711c2

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 14:25:04 GMT
Content-Encoding: gzip
X-Powered-By: Express
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1800
Cache-Control: max-age=1800
Connection: keep-alive
Content-Length: 33691
X-Akamai-Path-Stats: [3:92320:4294962976]
Expires: Mon, 09 Nov 2020 14:55:04 GMT

GET
H2 200 checksync.php
contextual.media.net/ Frame 35DB 0
0 283ms
283ms Document
text/html 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HB41O6BH&prvid=77%2C80%2C82%2C97%2C109%2C148%2C175%2C178%2C184%2C188%2C192%2C193%2C201%2C203%2C214%2C222%2C226%2C3008&rtime=8&https=1&usp_status=0&usp_consent=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: contextual.media.net
:scheme: https
:path: /checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HB41O6BH&prvid=77%2C80%2C82%2C97%2C109%2C148%2C175%2C178%2C184%2C188%2C192%2C193%2C201%2C203%2C214%2C222%2C226%2C3008&rtime=8&https=1&usp_status=0&usp_consent=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

status: 200
server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Thu, 13 May 2021 14:25:04 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=474080
expires: Sun, 15 Nov 2020 02:06:25 GMT
date: Mon, 09 Nov 2020 14:25:05 GMT
content-length: 4895

GET
H2 200 sync Show response
gum.criteo.com/ 62 B
382 B 47ms
15ms Script
text/javascript 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?r=2&c=321&j=window.hbCMBidxc.mnetRtusId

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

949a74d5c9b30adeb638aed4ee5d24f5249c15761f8e82451fe0e9966a978324

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
date: Mon, 09 Nov 2020 14:25:04 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
status: 200
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 622
content-length: 177
expires: 60

GET
H2 200 rtbsmpubs.php Show response
contextual.media.net/ 9 KB
2 KB 186ms
186ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/rtbsmpubs.php?&gdpr=0&gdprconsent=0&usp_enf=1&usp_status=0&cid=8HB41O6BH&region=nv&ptrid=8PREB0781&requestString=959728963*4%7C300x250%7C8CU5BD6EW%7C733976884%7C%40959728963*80%7C300x250%7C8CU5BD6EW%7C733976884_8CU5BD6EW%7C%40959728963*175%7C300x250%7C8CU5BD6EW%7C733976884_8CU5BD6EW%7C%40959728963*178%7C300x250%7C8CU5BD6EW%7C733976884_8CU5BD6EW%7C%40959728963*201%7C300x250%7C8CU5BD6EW%7C733976884_8CU5BD6EW%7C%40959728963*203%7C300x250%7C8CU5BD6EW%7C733976884_8CU5BD6EW%7C%40959728963*214%7C300x250%7C8CU5BD6EW%7C733976884_8CU5BD6EW%7C%40959728963*222%7C300x250%7C8CU5BD6EW%7C733976884_8CU5BD6EW%7C&crid=959728963&sd=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&bl=1&rt=5&dn=https://securityaffairs.co&https=1&act=headerBid&prvReqId=326075411737647201604931904788&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.12780495543674952&ndec=1&scrsize=1600x1200&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A1600%2C%22vh%22%3A1200%2C%22ph%22%3A2709%7D&itype=HB-CM&cc=CH&rc=ZH&ct=ZURICH&bt=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid3S0

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

872a7aff33d0ab19ad32920896a285cf2375827b1a15f99247eaa7df1d291a09

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Mon, 09 Nov 2020 14:25:04 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
content-length: 1958
x-mnet-hl2: E
expires: Mon, 09 Nov 2020 14:25:04 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 80 KB
24 KB 772ms
772ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=0&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=733976884&size=300x250&cc=CH&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&nse=5&vi=1604931904160501416&lw=1&ugd=4&rtbs=1&hlt=1&dfp=1&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b2b347c58c89853494ea4063efb43a3c48bcc3f93e6d0cd49ebbab4d69294616

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnt-hl2: 12-12
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=300
date: Mon, 09 Nov 2020 14:25:05 GMT
x-mnt-w: 10-13, 10-9
content-length: 23829
expires: Mon, 09 Nov 2020 14:30:05 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame C933 55 KB
18 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd163655788c9c08b09b6606801711c47d88613e0a0e73d89ffabb16d6b3820a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "688 / 842 of 1000 / last-modified: 1604924392"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 18123
x-xss-protection: 0
expires: Mon, 09 Nov 2020 14:25:04 GMT

GET
H/1.1 200
OK videoAds.js Show response
adservetx.media.net/ 6 KB
3 KB 87ms
25ms Script
text/javascript 104.90.192.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://adservetx.media.net/videoAds.js?cid=8CU5BD6EW&crid=126440378&dn=securityaffairs.co&https=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.90.192.189 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-192-189.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 3f3f53c7df181558954a6042ad944d1e41bd95c2dfe3a8f1e0429b2062b9cbfe

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 14:25:04 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=300
Connection: keep-alive
Content-Length: 2709
Expires: Mon, 09 Nov 2020 14:30:04 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 71ms
63ms Image
image/gif 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=733976884&vi=1604931904160501416&ugd=4&lf=6&cc=CH&sc=ZH&wsip=2886781035&r=1604931904755&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001604931904749031140534833719&gdpr=0&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 09 Nov 2020 14:25:04 GMT
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Mon, 09 Nov 2020 14:25:04 GMT

GET
H2 200 f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 1 KB
1 KB 43ms
13ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 643a860832456b5a74825b79d625434b5c4c2a344b8f9bef3614b327bea52646

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Mon, 09 Nov 2020 14:25:04 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length: 1186
expires: Mon, 09 Nov 2020 14:30:04 GMT

GET
H/1.1 204
No Content pview
l.sharethis.com/ 0
315 B 25ms
25ms Image
text/plain 3.121.118.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1604931904437.55388&hostname=securityaffairs.co&location=%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&bsamesite=true&consentDomain=.consensu.org&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&title=Creative%20Office%20365%20phishing%20inverts%20images%20to%20avoid%20detection%20botsSecurity%20Affairs&sop=false&description=Experts%20spotted%20a%20creative%20Office%20365%20phishing%20campaign%20that%20inverts%20images%20used%20as%20backgrounds%20for%20landing%20pages%20to%20avoid%20getting%20flagged%20as%20malicious.%20Researchers%20at%20WMC%20Global%20have%20spotted%20a%20new%20creative%20Office%20365%20phishing%20campaign%20that%20has%20been%20inverting%20images%20used%20as%20backgrounds%20for%20landing%20pages%20to%20avoid%20getting%20flagged%20as%20malicious%20by%20security%20%5B%E2%80%A6%5D&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&description=Experts%20spotted%20a%20creative%20Office%20365%20phishing%20campaign%20that%20inverts%20images%20used%20as%20backgrounds%20for%20landing%20pages%20to%20avoid%20getting%20flagged%20as%20malicious.%20Researchers%20at%20WMC%20Global%20have%20spotted%20a%20new%20creative%20Office%20365%20phishing%20campaign%20that%20has%20been%20inverting%20images%20used%20as%20backgrounds%20for%20landing%20pages%20to%20avoid%20getting%20flagged%20as%20malicious%20by%20security%20%5B%E2%80%A6%5D&img_pview=true
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.121.118.243 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-118-243.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 14:25:04 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 6 KB
6 KB 25ms
23ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 09 Nov 2020 14:25:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
status: 200
etag: "156244085faab7d3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length: 6414
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 securityaffairs-best-european-blog2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/ 10 KB
10 KB 25ms
24ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:04 GMT
x-content-type-options: nosniff
x-bytes-saved: 103276
status: 200
content-length: 10314
x-nc: HIT hhn 2
last-modified: Tue, 02 Jun 2020 21:29:55 GMT
server: nginx
etag: "c8c3d7b06b174426"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
expires: Fri, 03 Jun 2022 09:29:55 GMT

GET
H2 200 logo-center-for-cybersecurity.jpg
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 7 KB
7 KB 26ms
25ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 09 Nov 2020 14:25:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
status: 200
etag: "312ff21e46f29f3d"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length: 7482
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 85 KB
24 KB 608ms
608ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=0&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=829833831&size=300x250&cc=CH&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&nse=5&vi=1604931904307499353&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

618cf25968659ae00e9ca14d4657708de0b877d9eabdf3bcb549e8c1506780fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnt-hl2: 12-12
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=300
date: Mon, 09 Nov 2020 14:25:05 GMT
x-mnt-w: 8-4, 8-8
content-length: 24172
expires: Mon, 09 Nov 2020 14:30:05 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 82 KB
24 KB 477ms
477ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=0&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=CH&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&nse=5&vi=1604931904234108243&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1b57c7c5d11c85cba3600f0c3289c9b85cd9efa03374655f1967b32588378f87

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnt-hl2: 12-12
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=300
date: Mon, 09 Nov 2020 14:25:05 GMT
x-mnt-w: 10-2, 10-4
content-length: 24449
expires: Mon, 09 Nov 2020 14:30:05 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 85 KB
24 KB 653ms
652ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=0&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=CH&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&nse=5&vi=1604931904414128678&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

78623d1c1b389318ef86cc8c6125f0548fcf0eec68cc79a508d7ca6143072a87

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnt-hl2: 12-12
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=300
date: Mon, 09 Nov 2020 14:25:05 GMT
x-mnt-w: 8-16, 8-3
content-length: 24161
expires: Mon, 09 Nov 2020 14:30:05 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 33ms
32ms Image
image/gif 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=829833831&vi=1604931904307499353&ugd=4&lf=6&cc=CH&sc=ZH&lper=100&wsip=2886780938&r=1604931904900&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001604931904896031140534832629&gdpr=0&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 09 Nov 2020 14:25:04 GMT
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Mon, 09 Nov 2020 14:25:04 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 33ms
32ms Image
image/gif 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1604931904234108243&ugd=4&lf=6&cc=CH&sc=ZH&wsip=2886780938&r=1604931904906&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001604931904902031140534832140&gdpr=0&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 09 Nov 2020 14:25:04 GMT
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Mon, 09 Nov 2020 14:25:04 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 34ms
33ms Image
image/gif 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1604931904414128678&ugd=4&lf=6&cc=CH&sc=ZH&lper=100&wsip=2886780938&r=1604931904910&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001604931904908031140534838091&gdpr=0&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 09 Nov 2020 14:25:04 GMT
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Mon, 09 Nov 2020 14:25:04 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
97 B 23ms
23ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A9.0.2&blog=29506073&post=110554&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=1267&rand=0.46758333785252026
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 09 Nov 2020 14:25:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 djax_elastic.js Show response
cdn.pixfuture.com/ Frame 4813 37 KB
37 KB 155ms
133ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/djax_elastic.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=creative,office,365,phishing,inverts,images,avoid,detection,botssecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da964f62d626d1d0d8a931e4fa1d5e21c7e755ba4d152bffd3532ea611024fb6

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
content-length: 37977
cf-request-id: 064efe7e0800002bcacb21e000000001
last-modified: Mon, 02 Nov 2020 17:01:36 GMT
server: cloudflare
etag: "5fa03b70-9459"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HkO5LlwmfbzXlvPcBITk42sqb%2FeQXHBu6tnVdil4pvBf4svxe0IXxUfwly3zTgZJv0Tq94EFHUZVj77gYIu2yGJV2TY9p7aagkUsNbJMYkR8IBfVOxcBoXC%2BWdArPw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5ef833767f5b2bca-FRA
expires: Wed, 11 Nov 2020 14:25:05 GMT

GET
H2 200 prebid_uids2.js Show response
cdn.pixfuture.com/ Frame 4813 307 KB
308 KB 125ms
104ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=creative,office,365,phishing,inverts,images,avoid,detection,botssecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0d3d5e8244dc1528570498005e8b963908ad2efe06639f7fb3bfaeec5a10daa

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
content-length: 314663
cf-request-id: 064efe7e0800002bca063ab000000001
last-modified: Thu, 29 Oct 2020 18:44:42 GMT
server: cloudflare
etag: "5f9b0d9a-4cd27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dDsmbd%2Bem8qdg4STYtz1wTI9MV8RK1vFZXDR6u9t031WdDwtsMLC0qo67DD%2F1P77lbOMLGsuD0mxqWGqqtMDJ2VyaXoHrpg0FInA3bQeQpVUs%2BSr9Of2%2BrvHBYY3vQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5ef833767f5f2bca-FRA
expires: Wed, 11 Nov 2020 14:25:05 GMT

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ 35 B
329 B 111ms
30ms Image
image/gif 2.16.186.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=videoerror&cid=8CU5BD6EW&crid=null&dn=securityaffairs.co&REASON=33&ACTION=0&visitorId=DefVid&dc=2&adtagId=126440378&bidder_id=99999&biddertagid=99999&bsr=Chrome_83&dt=desktop&os=MAC&id=00001604931905013029682750556866&purl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.66 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-16-186-66.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.25.v20191220) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:05 GMT
Server: Jetty(9.4.25.v20191220)
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 09 Nov 2020 14:25:05 GMT

GET
H2 200 pubads_impl_2020110201.js Show response
securepubads.g.doubleclick.net/gpt/ Frame C933 274 KB
97 KB 93ms
34ms Script
text/javascript 172.217.22.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

sffe /

Resource Hash

bff72ff19963fb873cb8248c567f746a096cf4bd4999f0ec160742f88d1df0b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 02 Nov 2020 09:40:34 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98810
x-xss-protection: 0
expires: Mon, 09 Nov 2020 14:25:05 GMT

GET
H/1.1 200
OK bfp_ssn.js
pxlclnmdecom-a.akamaihd.net/javascripts/ Frame ADFB 0
0 35ms
35ms Document
text/html 92.122.188.41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=3
Requested by: Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 92.122.188.41 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a92-122-188-41.deploy.static.akamaitechnologies.com
Software: / Express
Resource Hash

Request headers

Host: pxlclnmdecom-a.akamaihd.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

Content-Type: text/html; charset=utf-8
X-Powered-By: Express
Vary: Accept-Encoding
X-Akamai-Path-Stats: [3:89537:4294966759],[1:600:1400]
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Cache-Control: max-age=1800
Expires: Mon, 09 Nov 2020 14:55:05 GMT
Date: Mon, 09 Nov 2020 14:25:05 GMT
Content-Length: 3752
Connection: keep-alive

POST
H2 200 ptmdP
dt.clnmde.com/ 7 B
328 B 377ms
130ms Other
text/html 34.196.9.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dt.clnmde.com/ptmdP
Requested by: Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.9.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-9-135.compute-1.amazonaws.com
Software: / Express
Resource Hash: aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
vary: Accept-Encoding
status: 200
x-powered-by: Express
etag: W/"7-Jgyp3YpFd/wAt71YECmAdg"
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length: 7

GET
H2 200 cenw.js Show response
dt.clnmde.com/ 36 B
361 B 365ms
121ms XHR
text/html 34.196.9.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dt.clnmde.com/cenw.js?identifier=bafp
Requested by: Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.9.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-9-135.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3615bf76fc1c571a93f8e97480a71b8371049f3d3dee83ced8c6d2f9bb62eb2

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
vary: Accept-Encoding
status: 200
x-powered-by: Express
etag: W/"24-Z0Egv5dQQJHLDTnrve5axw"
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length: 36

GET
H2 200 ptmdDual
dt6.clnmde.com/ 70 B
331 B 278ms
89ms Image
image/gif 2600:1f18:42df:3a00:12da:42aa:e6d2:7a87
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt6.clnmde.com/ptmdDual?t=%7B%22gh%22%3A%22160493190504134115252858%22%2C%22za%22%3A1%2C%22gcd%22%3A1604931905056%2C%22al%22%3A3%2C%22bcnd%22%3A1%7D
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:42df:3a00:12da:42aa:e6d2:7a87 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
status: 200
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 359ms
125ms Image
image/gif 34.196.9.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=160493190504134115252858_N4IgxmAWDWIFwG0QDYAsB2ZBmLAGATOiADQjo4CcmAHNaiSNfhdTqwIwgC6pADgJYATAC7wkuBhNISeIAE4BTAGYBVOQBtRiEA12yAznLBrNYkJGHDe+gKRYAgjfwAxJ8-0KwAVzn9hATwBDJSVA-jl9ADowAHs3AHcYuUFeRX1bF3Z2XABWHNQ3MH8AIwU5AFowXwBbBTcYkP4wBXKsZBzy3kh+fW6AOwBzcv4+gDcy4X1h6sCBhSiLavU7Z3iFYoB9Uf4FeLsAEWE5LwUGCytbBzc3D29fAODQ8KjYhKSUtIznLNz8wpKypUanUXA0lE0Wm0Ol0ev0hiNxnJJtNZvNIotllhVustjs9lhDsdTrJRvoNkItAg+l51OpiNTabJIKTySIzLgObh2MhcKgKFh2BReULqLgBexULksKhWKKKJxpJzucKBUKMHyxVlJTlpawsOhBdxSN59MJWZTGABhFQ5ABC+2QAFEAOoMajWu0Ol1G8ByUZmYAAHRQGGweEIwbgQZAAV4CkjwaqrODxGD22T8GDyr5qt5qAl7Hw1GQ6GoKeDzLJQgTIE5XJ5OcFwtwovF2t1WDl7GDAF8ewxo+QsFRkLRUJHo7H45nfRnUyB09WZ9n+U38zyclz1+XzCyl3Bg3WV7n1UK21KZTgDRRe-2DMJAsIvPoxKhiDh32+sDl38h3+h32od8KGIL8sE-d8fzaf9AOA0D33A6VZAAL0CeB2D4AZ4AXBgFDGbDeAYAZIGw48m03fNpSyHJ8Bo6gcmoBhJlI1BmFFdBUGQWiGIYUlsOQSJcEifUFRAQJ1HgcCQCUMB4HKDCQAUYR+HQhtVzVUhTSwuBcE02A4BAMi1Q2fVkCFdhMHaZBkFw-hCIM9h6MidgcgEiycmc3AiFIBQvDQuAFK8FSdJ80YJMQUA+kCWpsOKIRBDKVkGEER9-NAOLBASuQkrgBk6QXfgcsMtST3zfMixLRi+wMdRTVIkryLFGzSHUJR0NIRdBHqlU1zwDiKH5HUGBNM0hGw90bXtJ1XVIAZZIChqhU3DjSAAR1OALSHBeB8B7IA
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.9.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-9-135.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
status: 200
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
331 B 353ms
124ms Image
image/gif 34.196.9.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=160493190504134115252858_N4IgzgTgxgqhA2AXEAuA2iAFoxAHMApAMwCCBATAGIWVgCmUArhAJaICeAhgGbecsQwAOigB7GgHdREACa4IdMISoBGFQAYArJoAsNKOwBGdCAFoorALZ0ao3iyh1TRAGybTuTCzBeAdgHNTFl8ANxNEMCDLTn9FIWxLeGJKCTpDAH0QljoJYgARRAhGOhAAGiwcfGIyKhp6JlYOHj4BYTFJaTkFJRo1LV19IxNzKxsqO24HJ1d3T28-QOCwiAiomLiEpKIUtMzs3KICopLy7DxCUho6hmY2Ll5+QRFxKilZeUVlSj7tPSoDYxmCwsay2eyOZxuDxeHzBRahcKREHrYSbZKpDJZHL5QrFEAAXXKITA6RYMmQ6F8jHg8EJWGJpPJqAw6lZ6hULnUOgAnEQVNyuQAObmcvkqHRaIg6QVEcgucjcgnlJhgRCMikYQUAYRgmgAQnkXABRADqSpAFhCzJAwAAOiBBQqZUQZSp7Sg7SAOLg6O77RZGfbSvasoHUPaOVzefyuUR1AB2Hm8zREIP2zAMsl+kBs9mcnl8gXSkXqMUSlPS2Xy7n2gC+tfNUCgmAA1taVIKdLK+bpzbgyRqc+aFNw4EhrebVZxEIwwMyiJpSq4l-Gl4Kl9zSjol0Qlzo6QAvTioFTlXD+VAgK3lOihS+4MogfyYS+RgsxzRclRStSach-wVNEFR8IlfHQnQTHR5W0YCiTnFAQBcIR1CEIh4xUR9OHgVBdxAbgoFQUxTxAOhEBYE982jItylVC8UHUGi2wQt8qK5dI0JcAUVHjFw3F4x86BYB9mMAoQVE0JDuM0MSEwExhjxQYjGHI+ibxCbD0FAXxOGsS9DDJGQTEZR8ZGnBTQH0mRDIgYyUCpGkiRYWyQBYwsuR0cUVHIQUXHjYD61KLSdJKBDLOs4zylMxBzJAMKjLJVB7PgRznNcmMu0g7lkyIEB6zpMB4FVV9KLcz9XEfeBuBPFKEuYkr0vIH91EdLtHxVNVaodHV9UNU1H38AjFPqgVP0FBiQAARxC4jJhw2sgA
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.9.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-9-135.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
status: 200
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T

GET
H2 200 djax_elastic.js Show response
cdn.pixfuture.com/ Frame 84B9 37 KB
37 KB 112ms
111ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/djax_elastic.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=creative,office,365,phishing,inverts,images,avoid,detection,botssecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da964f62d626d1d0d8a931e4fa1d5e21c7e755ba4d152bffd3532ea611024fb6

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
content-length: 37977
cf-request-id: 064efe7e4900002bcad89eb000000001
last-modified: Mon, 02 Nov 2020 17:01:36 GMT
server: cloudflare
etag: "5fa03b70-9459"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tEZzZGKyXvrzlq8A6JTC2hmTeO8HxpwfEMqLc0AvcSxYO%2FBvvmVgkWcfamfuQF2FWIcaMrNIraiKohiOgD0CnHJnnwKXKWoPxKp95IPbA0eKUyd%2FJuC5C52TY5AzlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5ef83376d86f2bca-FRA
expires: Wed, 11 Nov 2020 14:25:05 GMT

GET
H2 200 prebid_uids2.js Show response
cdn.pixfuture.com/ Frame 84B9 307 KB
308 KB 129ms
129ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=creative,office,365,phishing,inverts,images,avoid,detection,botssecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0d3d5e8244dc1528570498005e8b963908ad2efe06639f7fb3bfaeec5a10daa

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
content-length: 314663
cf-request-id: 064efe7e4900002bcafd302000000001
last-modified: Thu, 29 Oct 2020 18:44:42 GMT
server: cloudflare
etag: "5f9b0d9a-4cd27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1YRmWXOUjSzZzdZ4NYN1PUynCy3ijqVh%2BCIGem35blXM261bQWjNYUs0mbytxztexLGOMr%2BZPyDCeZc9BfjLOnG%2B7Es82lMcOdQyrZCfyIpkNapnBTzPaiEo3PqjpA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5ef83376d8722bca-FRA
expires: Wed, 11 Nov 2020 14:25:05 GMT

GET
H2 200 jquery3_5_1.min.js Show response
cdn.pixfuture.com/ Frame 4813 87 KB
88 KB 114ms
114ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/jquery3_5_1.min.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
content-length: 89476
cf-request-id: 064efe7ef400002bcaa4a10000000001
last-modified: Wed, 26 Aug 2020 15:41:27 GMT
server: cloudflare
etag: "5f4682a7-15d84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zNGW4n9ZSZ5pI5DZ1TTqu1ETw2oHsjBELFYGgcBculiPOumNnd3%2F70l6Wwj500Zv4BICpuTJRXPeIzVGxKZjOCoJzM89rP%2B%2FRJ5yBFGa0JDqn3Mu96FPcd2oIfTpbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5ef83377eb742bca-FRA
expires: Wed, 11 Nov 2020 14:25:05 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 4813 19 B
717 B 217ms
142ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:05 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.17:80
AN-X-Request-Uuid: 5930a166-0cc9-46ab-8532-4b6eaa57411d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 ortb Show response
bid.contextweb.com/header/ Frame 4813 0
347 B 358ms
140ms XHR
text/plain 198.148.27.133
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/ortb?src=prebid
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.148.27.133 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
server: envoy
status: 204
cwdl: 22/120
access-control-allow-origin: https://securityaffairs.co
access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-credentials: true
x-envoy-upstream-service-time: 31
cw-server: bid-deployment-cd47dcd94-dgzzt

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 4813 0
61 B 164ms
102ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 09 Nov 2020 14:25:04 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://securityaffairs.co

GET
H2 200 hb Show response
ice.360yield.com/ Frame 4813 98 B
515 B 108ms
60ms XHR
application/json 18.158.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%2213598d9feb02fb4%22%2C%22version%22%3A%227.1.0-JS-6.3.0%22%2C%22referrer%22%3A%22https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2288fbd0baeeacff%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22pid%22%3A22292114%2C%22tid%22%3A%22fc8d4031-4d0f-442a-87c5-628f4f84eed3%22%2C%22banner%22%3A%7B%7D%7D%5D%7D%7D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.102.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-102-26.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 01a15643fbfd8ef3298e03c1e28adcb14ac074a9abb37c6f25a8840824a2d507

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Mon, 09 Nov 2020 14:25:05 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://securityaffairs.co
content-type: application/json; charset=UTF-8
content-length: 98
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ Frame 4813 173 B
357 B 175ms
128ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=fc8d4031-4d0f-442a-87c5-628f4f84eed3&nocache=1604931905299&gdpr=0&pubcid=9ff634a0-83a9-4392-a7e8-cfb067760554&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divIds=24272x320x50x4142x_ADSLOT1&auid=540580841&tps=bXlrZXl3b3JkPWNyZWF0aXZlLG9mZmljZSwzNjUscGhpc2hpbmcsaW52ZXJ0cyxpbWFnZXMsYXZvaWQsZGV0ZWN0aW9uLGJvdHNzZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPWNyZWF0aXZlLG9mZmljZSwzNjUscGhpc2hpbmcsaW52ZXJ0cyxpbWFnZXMsYXZvaWQsZGV0ZWN0aW9uLGJvdHNzZWN1cml0eSxhZmZhaXJz
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.197.0 /
Resource Hash: 846cba34fc928290d11782bcb469204abc75a94f1840b520488638ccf07f8b1e

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:05 GMT
content-encoding: gzip
server: OXGW/16.197.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 4813 1 KB
2 KB 181ms
80ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2212289661a6ff98c%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.1%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&s=e26d58c4-71df-491e-8403-095e35233000&pv=42c1f0d9-b71f-4747-bdc6-7143c5d88e7d&vp=mobile&lib_name=prebid&lib_v=3.25.0&us=0&ius=1&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=creative%2Coffice%2C365%2Cphishing%2Cinverts%2Cimages%2Cavoid%2Cdetection%2Cbotssecurity%2Caffairs

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

47a084426d419f43b538adfc46d2b8b50e0bb4e7d3ae1794676031e55be9c270

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:05 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-128
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 589
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 jquery3_5_1.min.js Show response
cdn.pixfuture.com/ Frame 84B9 87 KB
88 KB 116ms
114ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/jquery3_5_1.min.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
content-length: 89476
cf-request-id: 064efe7f6e00002bca9285d000000001
last-modified: Wed, 26 Aug 2020 15:41:27 GMT
server: cloudflare
etag: "5f4682a7-15d84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qqm8LZbz0HSc1JRTIucnKMDZaYXopGeTF2BPHR2T42jVltooBgZCZasTePL5PhMqqe9Ru59PO0GW3VbKpRTIUy5iO%2F0VD5u6a%2FajAVvU1eBXZS%2F8X5WiMSLvjHKIZw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 5ef83378ad752bca-FRA
expires: Wed, 11 Nov 2020 14:25:05 GMT

GET
H2

200

ADTECH;apid=1A5ce2f1d2-2297-11eb-9854-122c64aa8f2c;cfp=1;rndc=1604931905;v=2;cmd=bid;cors=yes;alias=17ef4b6f445fc78;misc=1604931905396 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ Frame 84B9
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=17ef4b6f445fc78;misc=1604931905396;
https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;cfp=1;rndc=1604931905;v=2;cmd=bid;cors=yes;alias=17ef4b6f445fc78;misc=1604931905396
https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;apid=1A5ce2f1d2-2297-11eb-9854-122c64aa8f2c;cfp=1;rndc=1604931905;v=2;cmd=bid;cors=yes;alias=17ef4b6f445fc78;misc=16049...

48 B
128 B

106ms
106ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;apid=1A5ce2f1d2-2297-11eb-9854-122c64aa8f2c;cfp=1;rndc=1604931905;v=2;cmd=bid;cors=yes;alias=17ef4b6f445fc78;misc=1604931905396
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: dbe496df58637637fcddcd37377b4d2094eb2557c9d595e23b0c79b23ad8fb1a

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:06 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: https://securityaffairs.co
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 48
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:05 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/9834/3344884/0/0/ADTECH;apid=1A5ce2f1d2-2297-11eb-9854-122c64aa8f2c;cfp=1;rndc=1604931905;v=2;cmd=bid;cors=yes;alias=17ef4b6f445fc78;misc=1604931905396
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://securityaffairs.co
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 hb Show response
ice.360yield.com/ Frame 84B9 98 B
515 B 74ms
73ms XHR
application/json 18.158.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%221831e92ad923324%22%2C%22version%22%3A%227.1.0-JS-6.3.0%22%2C%22referrer%22%3A%22https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2245679be08e6497%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22pid%22%3A22254128%2C%22tid%22%3A%22ab648c54-7510-47ed-b160-bcb75d497a07%22%2C%22banner%22%3A%7B%7D%7D%5D%7D%7D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.102.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-102-26.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: c22b0e2c4777fc1e56c64d8e4b2501069c3addae0a9c11c4795ebe4d22ca851f

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Mon, 09 Nov 2020 14:25:05 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://securityaffairs.co
content-type: application/json; charset=UTF-8
content-length: 98
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 84B9 1 KB
2 KB 203ms
143ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2267698026a338ef%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.1%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&s=6aefb03e-2fe7-438f-b562-5d89f21b30ec&pv=7557c74f-7a13-489c-afd4-b91ece718bbe&vp=mobile&lib_name=prebid&lib_v=3.25.0&us=0&ius=1&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=creative%2Coffice%2C365%2Cphishing%2Cinverts%2Cimages%2Cavoid%2Cdetection%2Cbotssecurity%2Caffairs

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

f7de5c5dc312f8acafd60014578219e0866db1cec0bd90482c8b6e4e49137d04

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:05 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 591
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 84B9 19 B
718 B 111ms
40ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:05 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.236:80
AN-X-Request-Uuid: 2c4a4594-3a1c-4b1d-8041-42f12f1f0167
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 84B9 0
117 B 47ms
46ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 09 Nov 2020 14:25:05 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://securityaffairs.co

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ Frame 84B9 173 B
562 B 67ms
67ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=ab648c54-7510-47ed-b160-bcb75d497a07&nocache=1604931905401&gdpr=0&pubcid=9ff634a0-83a9-4392-a7e8-cfb067760554&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divIds=24270x300x250x4142x_ADSLOT1&auid=540580840&tps=bXlrZXl3b3JkPWNyZWF0aXZlLG9mZmljZSwzNjUscGhpc2hpbmcsaW52ZXJ0cyxpbWFnZXMsYXZvaWQsZGV0ZWN0aW9uLGJvdHNzZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPWNyZWF0aXZlLG9mZmljZSwzNjUscGhpc2hpbmcsaW52ZXJ0cyxpbWFnZXMsYXZvaWQsZGV0ZWN0aW9uLGJvdHNzZWN1cml0eSxhZmZhaXJz
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.197.0 /
Resource Hash: 554d0469dde9956750ad1911c1396472421bfeb5698a7233bb8ffe528da96a8c

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:05 GMT
content-encoding: gzip
server: OXGW/16.197.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 2 Show response
prebid.mgid.com/prebid/ Frame 84B9 0
593 B 131ms
84ms XHR
text/plain 104.19.134.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.mgid.com/prebid/2
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.134.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:05 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 79f3c2d0-8b54-4cac-8ea1-87580dbab97e
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 204
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://securityaffairs.co
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 5ef833792f9bcc3a-ZRH
cf-request-id: 064efe7fbb0000cc3a69b63000000001
server: cloudflare

POST
H2 204 ortb Show response
bid.contextweb.com/header/ Frame 84B9 0
503 B 232ms
122ms XHR
text/plain 198.148.27.133
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/ortb?src=prebid
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.148.27.133 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
server: envoy
status: 204
cwdl: 22/120
access-control-allow-origin: https://securityaffairs.co
access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-credentials: true
x-envoy-upstream-service-time: 14
cw-server: bid-deployment-cd47dcd94-fg6lz

GET
H2 200 nrrV15477.js Show response
contextual.media.net/4a/ Frame 0702 99 KB
32 KB 44ms
43ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV15477.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f51dca24bab78f0440feb96638dcb951fdb5e2ef6b80f201bd7636a80096d253

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "28c1e04ceae885ace553dd756e8e54bb"
vary: Accept-Encoding
x-mnet-h: 8-19
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=1209600
date: Mon, 09 Nov 2020 14:25:05 GMT
content-length: 32065
expires: Mon, 23 Nov 2020 14:25:05 GMT

GET
DATA 200
OK truncated
/ Frame 0702 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0702 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet1.woff
contextual.media.net/__media__/fonts/bullet1/ Frame 0702 2 KB
2 KB 218ms
167ms Font
application/font-woff 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet1/bullet1.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
status: 200
strict-transport-security: max-age=604800
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1792
expires: Tue, 10 Nov 2020 14:25:05 GMT

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 131ms
131ms Image
image/gif 34.196.9.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=160493190504134115252858_N4IgzgTgxgqhA2AXEAuA2iAFoxAHMApAMwCCBATAGIWVgCmUArhAJaICeAhgGbecsQwAOigB7GgHdREACa4IdMISoBGFQAYArJoAsNKOwBGdCAFoorALZ0ao3iyh1TRAGybTuTCzBeAdgHNTFl8ANxNEMCDLTn9FIWxLeGJKCTpDAH0QljoJYgARRAhGOhAAGiwcfGIyKhp6JlYOHj4BYTFJaTkFJRo1LV19IxNzKxsqO24HJ1d3T28-QOCwiAiomLiEpKIUtMzs3KICopLy7DxCUho6hmY2Ll5+QRFxKilZeUVlSj7tPSoDYxmCwsay2eyOZxuDxeHzBRahcKREHrYSbZKpDJZHL5QrFMoVc7VK5Ueq3JoPVrPDrvbpfH4Df5DIGjMGTCEzaHzOFBBErJHRWKoxCJdG7LEHI54gC65RCYHSLBkyHQvkY8HgMqwcoVStQGHUBvUKhc6h0AE4iCozabreR1JaVDotEQdAAOIjkR3qECaphgRA65UYV0AYRgmgAQnkXABRADqPvKFhCepAwAAOiAVK6dB7LbpMygMyAOLg6IXMxYdZnSpmstXUJnjTbLdadOQXRpXeRczXM5htYqKyBDUaTebWzb1HaHU7NC73Z6nZmAL4rxMgXycPXts3mlwAdnILh0pRULvUroP9rNpXnBpz7vUmq3YFQ5FvIBYnEseuf5W-N8UFdcoAA9uFQEcXG4FQoA-GRDHIOCD00bs0iIQxXVNGDyE0FwPWvfFwOVEB3ToFw6DNM1DG4J1DAPHQXA7bgoCITRz24GR1CgTRbRkfEWBTFB1CETRyn9ThEEYIC0DY0pXHkg95JAohbw-eT1DPM1NQAL23FAVHKXB-EglNyjoUJINwfF-EwSDmwnK0tFNc8dDUTRcPIV1UPxCJ7N3LCGKY7RXXxOVIJcIQRKIA8VHxTh4FQIhyhY1BTEMkA6EQFhUAci0nNPcBEBM4TxIAa3s8d8rbdIYpca0VAPFw3Ga-E6BYayUCzbyhBUPDepQ3r1APNrGH0jLGBy0rMpCRL0FALdrEgwxFRkEwdXxGRJP00AVpkNaIA2lBVXVWUWCOrMqsnHQ3LcrzD1CtdSgWn8Si6vaDo28otsQHaQA+9bFVQE74DOi68uuohhvNC15xAJ6XqW97VsB-jvu21BdpRw6geOtVQZAetcculsCo7NzLx7Ih4ZXTUwHgf1KtJ61NHtFx8XgCCDLB4mIbJztKdzfE-QDYnQ3DKNYwTcp-CgXKrqczQGM0kAAEc3oyyZUB0FcgA
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.9.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-9-135.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
status: 200
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T

GET
H2 200 nrrV15477.js Show response
contextual.media.net/4a/ Frame 44C4 99 KB
32 KB 48ms
47ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV15477.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f51dca24bab78f0440feb96638dcb951fdb5e2ef6b80f201bd7636a80096d253

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "28c1e04ceae885ace553dd756e8e54bb"
vary: Accept-Encoding
x-mnet-h: 8-19
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=1209600
date: Mon, 09 Nov 2020 14:25:05 GMT
content-length: 32065
expires: Mon, 23 Nov 2020 14:25:05 GMT

GET
DATA 200
OK truncated
/ Frame 44C4 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 44C4 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 44C4 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 82AB 92 KB
32 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

60703938a4092034ac398dac0d2cdc29dc7633200013f7d1bd93b4d5834f41b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 32599
x-xss-protection: 0
server: cafe
etag: 15281050947629156512
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 09 Nov 2020 14:25:05 GMT

GET
H/1.1 200
OK demo_track.js Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 4813 3 KB
3 KB 116ms
116ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v204
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 7b420ad439dadbbbc88cef506a6e2ea73c331178f08f984c6b230cec7ac66a04

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 14:25:05 GMT
Last-Modified: Mon, 06 Jul 2020 13:30:16 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5f032768-a4e"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 2638
Expires: Wed, 11 Nov 2020 14:25:05 GMT

GET
H2 200 nrrV15477.js Show response
contextual.media.net/4a/ Frame DEE0 99 KB
32 KB 42ms
41ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV15477.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f51dca24bab78f0440feb96638dcb951fdb5e2ef6b80f201bd7636a80096d253

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "28c1e04ceae885ace553dd756e8e54bb"
vary: Accept-Encoding
x-mnet-h: 8-19
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=1209600
date: Mon, 09 Nov 2020 14:25:05 GMT
content-length: 32065
expires: Mon, 23 Nov 2020 14:25:05 GMT

GET
DATA 200
OK truncated
/ Frame DEE0 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DEE0 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DEE0 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame C933 109 B
168 B 15ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 09 Nov 2020 14:25:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame C933 109 B
168 B 17ms
16ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 09 Nov 2020 14:25:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame C933 4 KB
3 KB 185ms
152ms XHR
text/plain 172.217.22.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3595775543418185&correlator=2747622394301165&output=ldjh&impl=fif&eid=21065517%2C21067448%2C21068418%2C21068442&vrg=2020110201&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201109&iu_parts=45361917%2C8CU5BD6EW-733976884-300x250_inside_post_yahoo_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=crid%3D733976884%26mnet_segment%3D0.05%26mnet_variant%3D426%26pub_domain%3Dsecurityaffairs.co%26mnet_cc%3DCH%26mnet_bucketid%3Db3%26mnet_ref_ybn%3D1%26mnet_pid%3D8PRHGG6T9%26fp%3Dqcqk&eri=4&cookie_enabled=1&bc=31&abxe=1&dt=1604931905940&dlt=1604931904795&idt=579&ea=0&frm=23&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=1297435474&ucis=vvvvw92y5tqx&ifi=1&ifk=2490645512&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&top=securityaffairs.co&dssz=5&icsg=170&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=0x0&ga_vid=2088939211.1604931904&ga_sid=1604931906&ga_hid=1499017675&ga_fc=true&fws=256&ohw=0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

fa69e3130c45adc1cc943859b9db57f3917d48120ad366d480d15dd742e5a843

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2615
x-xss-protection: 0
google-lineitem-id: 731757437
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 33134182877
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
87132910b9c6a19ee7061d955a2f044d.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame C933 0
0 67ms
13ms Other
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://87132910b9c6a19ee7061d955a2f044d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 0702 15 B
216 B 29ms
28ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=0&hvsid=00001604931904902031140534832140&geo=47.37|8.55&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYFciMDU46nvy2opS-U9xcaashUNJQJOzs6Lwc0KeJJXbtMF4Lp-yocWIrxqATyqG3JznbsCjlJst&lpid=&tsid=1&q=&prv=&type=&ps=&cme=wkAyRkuQ-gHAY9iqKwu5Usk9ahrRmWN-hLJAdEV_WiTPR8Hw1hDX8dYXQnodrNNm6ieK3w2j3rpze4RgYaqvTrbkuviyeOvssYcVGAPJsRlLQWZxcW8maZQYlMrKaJyGOfKE44bS-HqCR_YomWQDop7QoIy7TJMt5puOzO9Hgzj6bpwvHbbeyEUyTUSQe5VqAY98k1mL8gk%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C6bqF2dD64RGaHrSzNUWonYNLPFl8mKcHUgqV9CLR4hVnff5lYRCYWF0L08Sm0uCytC7voMW6DP2sUqi30nAQxdSeAZb7165MRCIZiDFQioiIX1NRNGoHbsMKJtq-TgRNJ1ZtJwhkHAQ%3D%7CN7fu2vKt8_s%3D%7CKrfxeDvrAqHIY3Xns2VB5wuadTXC2TegYHAe7ckBlWPd8c8rm92Vjsi4RsKY_ZaNcuWD3VrlG6oo08hflBuXyrP7iNMk5l_ceY-1I4WomeIw36MI9KQ1G3IdPcvJcI7p4XCuPw32sgGjvsTsQxP6gsPQ3MC3sl09AQwPHQOq381Zwfp3WjWjV4yILdeQiyi2VX8u7nqH6ma4ax7nqHwjeA%3D%3D%7C&hint=&td=&cc=CH&wsip=2887305228&bca=0&ugd=4&vgd_chost=contextual.media.net&vgde_setid=Nu9&&rc=0&ksu=207&fdkt=439&kwd[]=Download%20Microsoft%20Office%202020&kwt[]=439&kbc[]=1204155511&kwp[]=1&kid[]=329901851&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.30%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Cyber%20Security%20Solutions&kwt[]=439&kbc[]=1202993920&kwp[]=2&kid[]=68172923&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.32%7C%7Clvl%3D1.00&ktd[]=563224865014016&kwd[]=Deals%20on%20Microsoft%20Office%20365&kwt[]=439&kbc[]=1204155511&kwp[]=3&kid[]=329708246&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.12%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Cyber%20Security%20Certifications&kwt[]=439&kbc[]=1202993920&kwp[]=4&kid[]=68172844&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.39%7C%7Clvl%3D1.00&ktd[]=563224865014016&kwd[]=Cyber%20Crime%20Laws&kwt[]=439&kbc[]=1202993920&kwp[]=5&kid[]=7535110&kbc2[]=c%3D2%7C%7Claw%20%26%20government%20%3E%20public%20safety%20%3E%20crime%20%26%20justice%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.956%7C%7Crpc%3D0.04%7C%7Clvl%3D1.00&ktd[]=563224848503040&rand=1604931905854&cid=8CU5BD6EW&vwid=1604931904234108243&vi=1604931904234108243&l3ch=0&slnkp=no&tdAdd[]=rtbsd%3D6&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=ZH&vgd_l1rakh=1604931904162396251&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&vgd_ifrmode=00&sttm=1604931904902&upk=1604931905.6864&hvsid=00001604931904902031140534832140&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_hbReqId=T1604929809C8S4U983&vgd_isiolc=1&npgv=1&rtbsd=6&pid=8PO5M70HK&katen=1&pc=100&matm=1604931905861&vgd_ltime=1052&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=ZH&vgd_l2ch=0&vgd_l1ch=1&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2887305230&vgd_nrrsf=nrr&vgd_nrrv=15477&vgd_nrrs=15477&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-184323154%7CDIV&vgd_x_pos=980&vgd_y_pos=413&vgd_ren_page_h=4251&vgd_cty=ZURICH&vgd_l1hcsd=C11%7C7430&vgd_sethcsd=C12%7C7514&vgd_fdimpl=1&vgd_cfud=200205&vgd_is_amp=0&vgd_icat=602&vgd_spcat=500497&vgd_optout=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&oRurl=http%3A%2F%2Fcdn3e%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DCH%26isOffice%3D0%26fvips%3D0%26vi%3D1604931904234108243%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D184323154%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D0%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f110554%252fcyber-crime%252foffice-365-phishing-inverts-images.html%253fweb_view%253dtrue%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV15477.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
status: 200
date: Mon, 09 Nov 2020 14:25:05 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 09 Nov 2020 14:25:05 GMT

POST
H2 200 log
navvy.media.net/ Frame 0702 807 B
998 B 604ms
224ms Other
image/gif 54.153.104.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV15477.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.153.104.139 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-153-104-139.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:06 GMT
server: Jetty(9.4.7.v20170914)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 44C4 15 B
216 B 29ms
28ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=0&hvsid=00001604931904896031140534832629&geo=47.37|8.55&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYFciMDU46nvy2opS-U9xcaashUNJQJOzs6Lwc0KeJJXbtMF4Lp-yocVZKFcpzIPVBUrfPPN46IA_&lpid=&tsid=1&q=&prv=&type=&ps=&cme=5QuC1QKrulSS0JM67d-5kG2ULdtJ0z9q-8HqMDuDTecpB9CePorqG8Vw9YDVw9nfSMHS6zWXA_MAOqMhn28bvu_RxpHEUAWKv1Ojapvml8N0ykjwFzsyosM7VzdspZFdsyYQmbHjFH1cyb2XKw68_UGr0N2yDJmqIPkNC52capzrabrIysA0yuGaGx7mjbEphGF6qDpuLf4%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C6bqF2dD64RGaHrSzNUWonYNLPFl8mKcHUgqV9CLR4hVnff5lYRCYWF0L08Sm0uCytC7voMW6DP2sUqi30nAQxdSeAZb7165MRCIZiDFQioiIX1NRNGoHbsMKJtq-TgRNJ1ZtJwhkHAQ%3D%7CN7fu2vKt8_s%3D%7CMxJ44Ee5mkFub9p3Ax1TXl224Ys9AzBmbX6Q96bJoHjfqan1aCZb3bxep_KHQzMs4ffBwWLtVbg1v1G1vNYM-QgVDzUa4q-AUOBTa5cryYiiqzuQ9PcilRXrtbX8mNUqwS50dhOs6D-4zavkCMWBw3RMGOVI2yXzsRjU_6GrQBVCQCcVUMC-Ef5JGlzyAYXZPBLs9wyV3s2qISDMRMi4qWFKVorIyXge%7C&hint=&td=&cc=CH&wsip=2886780939&bca=0&ugd=4&vgd_chost=contextual.media.net&vgde_setid=NW&&rc=0&ksu=207&fdkt=439&kwd[]=Download%20Microsoft%20Office%202020&kwt[]=439&kbc[]=1204155511&kwp[]=1&kid[]=329901851&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.30%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Cyber%20Security%20Solutions&kwt[]=439&kbc[]=1202993920&kwp[]=2&kid[]=68172923&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.32%7C%7Clvl%3D1.00&ktd[]=563224865014016&kwd[]=Deals%20on%20Microsoft%20Office%20365&kwt[]=439&kbc[]=1204155511&kwp[]=3&kid[]=329708246&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.12%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Cyber%20Security%20Certifications&kwt[]=439&kbc[]=1202993920&kwp[]=4&kid[]=68172844&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.39%7C%7Clvl%3D1.00&ktd[]=563224865014016&kwd[]=Cyber%20Crime%20Complaint%20Portal&kwt[]=439&kbc[]=1202993920&kwp[]=5&kid[]=329867353&kbc2[]=c%3D2%7C%7Claw%20%26%20government%20%3E%20public%20safety%20%3E%20crime%20%26%20justice%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.956%7C%7Crpc%3D0.01%7C%7Clvl%3D1.00&ktd[]=574769720594688&rand=1604931905960&cid=8CU5BD6EW&vwid=1604931904307499353&vi=1604931904307499353&l3ch=0&slnkp=no&tdAdd[]=rtbsd%3D6&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=ZH&vgd_l1rakh=1604931904162396251&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&vgd_ifrmode=00&sttm=1604931904896&upk=1604931905.6864&hvsid=00001604931904896031140534832629&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_hbReqId=T1604929809C8S4U983&vgd_isiolc=1&npgv=1&rtbsd=6&pid=8PO5M70HK&katen=1&pc=100&matm=1604931905967&vgd_ltime=1080&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=ZH&vgd_l2ch=0&vgd_l1ch=1&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886781036&vgd_nrrsf=nrr&vgd_nrrv=15477&vgd_nrrs=15477&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-829833831%7CDIV&vgd_x_pos=320&vgd_y_pos=518&vgd_ren_page_h=4251&vgd_cty=ZURICH&vgd_l1hcsd=C11%7C7430&vgd_sethcsd=C12%7C7514&vgd_fdimpl=1&vgd_cfud=200721&vgd_is_amp=0&vgd_icat=602&vgd_spcat=500497&vgd_optout=0&vgd_ect=4g&vgd_rensize=630_250&vgd_scr_h=1200&vgd_scr_w=1600&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DCH%26isOffice%3D0%26fvips%3D0%26vi%3D1604931904307499353%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D829833831%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D0%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f110554%252fcyber-crime%252foffice-365-phishing-inverts-images.html%253fweb_view%253dtrue%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A630%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV15477.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
status: 200
date: Mon, 09 Nov 2020 14:25:05 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 09 Nov 2020 14:25:05 GMT

POST
H2 200 log
navvy.media.net/ Frame 44C4 807 B
997 B 590ms
225ms Other
image/gif 54.153.104.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV15477.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.153.104.139 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-153-104-139.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:06 GMT
server: Jetty(9.4.7.v20170914)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/ Frame 82AB 230 KB
87 KB 64ms
48ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

22f38713e3cb086adc05ce7b3f126b1a3c18d0bd120bafd17c85117de81741b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 88225
x-xss-protection: 0
server: cafe
etag: 10001109163846534958
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201104/r20190131/ Frame 344C 0
0 7ms
6ms Document
text/html 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20201104/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20201104/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Sun, 08 Nov 2020 18:54:19 GMT
expires: Sun, 22 Nov 2020 18:54:19 GMT
content-type: text/html; charset=UTF-8
etag: 5228831996244654541
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4745
x-xss-protection: 0
age: 70246
cache-control: public, max-age=1209600
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bql.php Show response
lg3.media.net/ Frame DEE0 15 B
216 B 30ms
29ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=0&hvsid=00001604931904908031140534838091&geo=47.37|8.55&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYFciMDU46nvy2opS-U9xcaashUNJQJOzs6Lwc0KeJJXbtMF4Lp-yocVpM62Q84g9d5WeFZcVPh5Q&lpid=&tsid=1&q=&prv=&type=&ps=&cme=Uazc-GAnkdxqQTWyCWlkN5jG2cq0VGT5T00TH3Tn2tQKHEOCxEKuzsh_JUhX69jL5PIJDXFSOGlu49-SkmScsu1ZxyqsAt668BWPR5DFpp2L8TEJr6MtcpWXbxZq373_pQhKnCLewKZuy7Fsx0wUdLxophOb-TuNuVsq--Ir4n1eCOiPmuvuNM6P92SM0DtBBJrtC4utYbw%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C6bqF2dD64RGaHrSzNUWonYNLPFl8mKcHUgqV9CLR4hVnff5lYRCYWF0L08Sm0uCytC7voMW6DP2sUqi30nAQxdSeAZb7165MRCIZiDFQioiIX1NRNGoHbsMKJtq-TgRNJ1ZtJwhkHAQ%3D%7CN7fu2vKt8_s%3D%7C-Ac1J2LSGX4rUjdL7h6K6gUY-u8eaYeRFsmf8wjO24jW0nkZnQ3jGjVLAnoQ6hhS_yd_uZljiQrblSOaBuPkJ3idrPeJkzucm_c3-0xi6IY7qqWqUYm57TcKL9tH1CdM7K5_Te-eiokiZqYEkwyByi4z5qLfOfarvo2stKepGg7MFLJ3ssHIq4HysD-I0GcEGqF3bK6On7tBdqq9yynEEw%3D%3D%7C&hint=&td=&cc=CH&wsip=2886781008&bca=0&ugd=4&vgd_chost=contextual.media.net&vgde_setid=NW&&rc=0&ksu=207&fdkt=439&kwd[]=Download%20Microsoft%20Office%202020&kwt[]=439&kbc[]=1204155511&kwp[]=1&kid[]=329901851&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.30%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Cyber%20Security%20Solutions&kwt[]=439&kbc[]=1202993920&kwp[]=2&kid[]=68172923&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.32%7C%7Clvl%3D1.00&ktd[]=563224865014016&kwd[]=Deals%20on%20Microsoft%20Office%20365&kwt[]=439&kbc[]=1204155511&kwp[]=3&kid[]=329708246&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.12%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Cyber%20Security%20Certifications&kwt[]=439&kbc[]=1202993920&kwp[]=4&kid[]=68172844&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.39%7C%7Clvl%3D1.00&ktd[]=563224865014016&kwd[]=Cyber%20Crime%20Law&kwt[]=439&kbc[]=1202993920&kwp[]=5&kid[]=7535109&kbc2[]=c%3D2%7C%7Claw%20%26%20government%20%3E%20public%20safety%20%3E%20crime%20%26%20justice%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.956%7C%7Crpc%3D0.34%7C%7Clvl%3D1.00&ktd[]=565423871758592&rand=1604931906068&cid=8CU5BD6EW&vwid=1604931904414128678&vi=1604931904414128678&l3ch=0&slnkp=no&tdAdd[]=rtbsd%3D6&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=ZH&vgd_l1rakh=1604931904162396251&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&vgd_ifrmode=00&sttm=1604931904908&upk=1604931905.6864&hvsid=00001604931904908031140534838091&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_hbReqId=T1604929809C8S4U983&vgd_isiolc=1&npgv=1&rtbsd=6&pid=8PO5M70HK&katen=1&pc=100&matm=1604931906072&vgd_ltime=1165&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=ZH&vgd_l2ch=0&vgd_l1ch=1&vgd_katbid=-5&vgd_kals=templates_threshold%7C%7Cpc%3D100&vgd_kasts=tstype%3D-10402%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886780938&vgd_nrrsf=nrr&vgd_nrrv=15477&vgd_nrrs=15477&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-647633027%7CDIV&vgd_x_pos=980&vgd_y_pos=723&vgd_ren_page_h=4251&vgd_cty=ZURICH&vgd_l1hcsd=C11%7C7430&vgd_sethcsd=C12%7C7514&vgd_fdimpl=1&vgd_cfud=200721&vgd_is_amp=0&vgd_icat=602&vgd_spcat=500497&vgd_optout=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DCH%26isOffice%3D0%26fvips%3D0%26vi%3D1604931904414128678%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D647633027%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D0%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f110554%252fcyber-crime%252foffice-365-phishing-inverts-images.html%253fweb_view%253dtrue%26%26katen%3D1%26katbid%3D-5&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV15477.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
status: 200
date: Mon, 09 Nov 2020 14:25:06 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 09 Nov 2020 14:25:06 GMT

POST
H2 200 log
navvy.media.net/ Frame DEE0 807 B
997 B 486ms
224ms Other
image/gif 54.153.104.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV15477.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.153.104.139 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-153-104-139.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:06 GMT
server: Jetty(9.4.7.v20170914)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Mon, 09 Nov 2020 14:25:06 GMT

POST
H/1.1 200
OK demo_track.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 4813 36 B
615 B 368ms
129ms XHR
text/html 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.php
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v204
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:06 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Wed, 11 Nov 2020 14:25:06 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2079 0
0 62ms
61ms Fetch
image/gif 172.217.22.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvEb4S7AENwZ4Abw8KxzppIWqFwNP82JlaLWWBK4RyR1POS6xdWQy8VzHxOttyb7Hme_vmyrJYlCpKC4-l3JZyOldpezW9HPwAbAw0YP5ldnIZdZpb3REljysak2FATB2Dh26eAAWz3CyWyKnLAXCycuWeLtOJCxFzZllLrYO8lc0hueZXainZgwZH_Ilg0KI8SjgWEeLX6q778O-mA8nfjFTf9VerUNtfsgxwGZTsf6r0URRazMLXi_CfVfFx3Y48UvTlD7xMG7-HQDPVOpG8935us5nVVWUEqmfwMZgmL5gSKQ0WPiDqFUgO3AQ&sai=AMfl-YQVWOG-UC6G0OfmBwsjyvt30zIQ9sADqVBVSClzEpn3bN1XAOx04waf52OUOREciQnjjiQc6pAO-_Wt1IOBx-cbF6Vym70Ocm5wEQNY1U__BezFaJeS9fY4r0J-yj4&sig=Cg0ArKJSzAShHtrLT22hEAE&urlfix=1&adurl=

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 09 Nov 2020 14:25:06 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H2 200 nrrV15477.js Show response
contextual.media.net/4a/ Frame C1EA 99 KB
32 KB 38ms
38ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV15477.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5BD6EW&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f51dca24bab78f0440feb96638dcb951fdb5e2ef6b80f201bd7636a80096d253

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "28c1e04ceae885ace553dd756e8e54bb"
vary: Accept-Encoding
x-mnet-h: 8-19
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=1209600
date: Mon, 09 Nov 2020 14:25:06 GMT
content-length: 32065
expires: Mon, 23 Nov 2020 14:25:06 GMT

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2079 74 KB
28 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cc89c3da76fd4c0946e9b04449529037989c7d3474321103c21e3733e6733ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1604665402527796"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28769
x-xss-protection: 0
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H2 200 log
hblg.media.net/ 35 B
194 B 35ms
27ms Image
image/gif 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?logid=aplog&pid=8PREB0781&itype=HB-CM&dn=securityaffairs.co&cid=8HB41O6BH&svr=2020110911_62&servname=hbcm_na&gdpr=0&csex=2&suc=0&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001604931905920031140534832617&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=CH&sc=ZH&ct=ZURICH&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=&vw=1600&vh=1200&pht=4251&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&pvid=0&prvAccId=&prvApiId=&exid=&pcId=&pseat=&adj1=0&adj0=0&adj2=0&adj3=0&mowxReqId=&crid=959728963&g=0&size=300x250&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=0&bdp=0&cbdp=0&dcbdp=0&ckfl=&cs=&mnet_ckfl=&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=&dfpBd=0&nms=1&di=&dt=&epc=&ogbdp=0&s=1&snm=success&dbf=1&bdata=&cmpid=&bId=&pcrid=&ruct=0&brs=&brr=&iurl=&htps=0&ptype=27&pbidflr=0&exp=&bfs=0&seat=&nbr=&ba=1&ybnca_gbid=&ybnca_erpm=&ybnca_vbid=&yogbdp=&yErpmFlag=&smsrc=1&strg=&ybnca_bbid=&prvReqId=&dStat=&ogbid=0&acid=298012188031441491604931904782&act=headerBid&dtfdl=&dspltime=&ttfd=&rtime=&dtc=&rtbsv2=&mp_seg%3C%3E=&apid=&wsip=&ltime=&abs=&ssregion=&ssreqid=&sssvnm=&top=0&btm=0&lft=0&rght=0&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&patkey=&patint=&pc=&spSource=0&spIvt=0&spId=&spFst=0&spIsReq=0&spTo=0&pgcatiab=&pgcatiab2=&pgcatsprig=&gFunDl=false&ngFunDl=false&rDl=false&refVisId=&osnbr=&brf=0&iwb=1&toconsider=0&dcs=&auMxTm=&actltime=1135&acsn=1&dfpDiv=&dfpAdPath=&dfpPos=&sbdrid=426&bbdrid=&td=%7C&pvNbr=&pvNbrDtls=&lper=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&kwrf=&epurl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-84-56-24.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.25.v20191220) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:06 GMT
server: Jetty(9.4.25.v20191220)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H2 200 log
hblg.media.net/ 35 B
194 B 34ms
26ms Image
image/gif 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?logid=kfk&evtid=relog&pid=8PREB0781&itype=HB-CM&dn=securityaffairs.co&cid=8HB41O6BH&svr=2020110911_62&servname=hbcm_na&gdpr=0&csex=2&suc=0&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001604931905920031140534832617&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=CH&sc=ZH&ct=ZURICH&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=&vw=1600&vh=1200&pht=4251&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&ffp=0.05&efp=qcqk&mdf=0.05&mdk=mnet_segment&rp=&rf=&rfs=nfetched&dfpAdPath=%2F45361917%2F8CU5BD6EW-733976884-300x250_inside_post_yahoo_2&src=Dynamic&lper=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&kwrf=&epurl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-84-56-24.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.25.v20191220) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:06 GMT
server: Jetty(9.4.25.v20191220)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H2 200 log
hblg.media.net/ 35 B
194 B 36ms
29ms Image
image/gif 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?logid=awlog&pid=8PREB0781&itype=HB-CM&dn=securityaffairs.co&cid=8HB41O6BH&svr=2020110911_62&servname=hbcm_na&gdpr=0&csex=2&suc=0&csstr=&tcf_cmp=&tcf_status=&tcf_prp=&usp_status=0&usp_enf=1&usp_string=&ufca=&usp_ldf=&ugd=4&adt=desktop&vid=00001604931905920031140534832617&vsid=&sd=1&gtd=400&inid=0&gfd=&cc=CH&sc=ZH&ct=ZURICH&abte=CONTROL&adbd=0&amp=0&version=1&sB=true&cors=true&disB=false&ice=&vw=1600&vh=1200&pht=4251&cl=&__rk=0&app=0&rtype=&vendor=Google%20Inc.&isSafari=0&pvid=4&prvAccId=733976884&prvApiId=8CU5BD6EW&exid=31&pcId=&pseat=&mowxReqId=326075411737647201604931904788&crid=959728963&g=0&size=300x250&sec=&chnl=&prspt=headerBid&rfc=0&tref=0&fpuReq=1&rtime=24&dtc=nydc&rtbsv2=&mp_seg%3C%3E=17243%23%2317212%23%2315607%23%2315610%23%2315613&apid=1&wsip=c10-mowx-web-35&ltime=238&abs=0&ssregion=&ssreqid=&sssvnm=&bdp=0.05&cbdp=0.05&dcbdp=0&ckfl=0&cs=&mnet_ckfl=0&cat=&attr=&pvAgNm=&pvAgId=&advId=&advNm=&advUrl=unknown&dfpBd=0.05&nms=1&di=&dt=O&epc=733976884&ogbdp=0.05&s=1&snm=success&dbf=1&bdata=sd2%3Dnull%7C%7Cbb%3D196%7C%7Cvv%3D0%7C%7Cerpm%3D0.05%7C%7Cogerpm%3D0.05%7C%7Cbm%3D2.04%7C%7Csid%3D733976884%7C%7Csd%3D1%7C%7Cuid%3Dl0Jgi7nUeNHQtu6IO%7C%7Cdc2%3D1%7C%7Cbtd%3D168749648061374532672496362934902784%7C%7Cscd%3Dzh%7C%7Cuim%3D0%7C%7Curl_tkc%3D0%7C%7Css%3D1600x1200%7C%7Cuiw%3D-1%7C%7CMP%3D.*crime.*%7C%7Clast%3D0%7C%7CCI%3D2198%7C%7Cip%3D3oKfz5%7C%7Cfbb%3D0%7C%7Ctb%3D-1%7C%7Cct%3Dzurich%7C%7Crc%3D1%7C%7Cbasis2%3D196%7C%7Curl_b%3D0.07%7C%7Cbasis1%3D196%7C%7CisRef%3D0%7C%7CPF%3D0%7C%7Clc%3D0%7C%7Curl_tvi%3D0%7C%7Curl_l%3D40%7C%7Cbid%3D0.05%7C%7Cdc%3D7%7C%7Cgcat%3D500497%7C%7Cogbid%3D0.05%7C%7Ccbdp%3D0.05%7C%7Cbflag%3D1%7C%7Csobp%3D0%7C%7Cddiv%3D%25%25DFP_DIV%25%25%7C%7Cdmm%3D%7C%7Cibc%3D1%7C%7Cddt%3D-1%7C%7Cnsz%3D1%7C%7Ctgs%3D300x250%7C%7Cbsb%3D0%7C%7Cbsp%3D0&cmpid=&bId=&pcrid=8CU5BD6EW-733976884-46-2&ruct=0&brs=&brr=&iurl=https%3A%2F%2Fiurl-a.akamaihd.net%2Fybntag%3F%26cid%3D8CU5BD6EW%26crid%3D733976884%26size%3D300x250%26requrl%3Dhttps%253A%252F%252Fsecurityaffairs.co%252Fwordpress%252F110554%252Fcyber-crime%252Foffice-365-phishing-inverts-images.html%253Fweb_view%253Dtrue&htps=0&ptype=27&pbidflr=0.00&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Cclt%3D0%7Cfl_rl%3D1%7CssProfile%3D0%7Cdbr%3D1%7Ctkd%3Dnull&bfs=0&seat=&nbr=0&ba=1147&ybnca_gbid=&ybnca_erpm=0.05&ybnca_vbid=0.05&yogbdp=0.09&yErpmFlag=1&smsrc=1&strg=&ybnca_bbid=-1.0&prvReqId=42255733526229231_1826949757_959728963141&dStat=0&ogbid=0.09&acid=298012188031441491604931904782&act=headerBid&dtfdl=&dspltime=&ttfd=&ttm=0&vtm=0&sttm=0&svtm=0&mnrfc=0&mnrf=0&invw=-1&adj1=0&adj0=0&adj2=0&adj3=0&patkey=&patint%3C%3E=&pc=&spSource=0&spIvt=3&spId=&spFst=0&spIsReq=3&spTo=3&top=0&btm=0&lft=0&rght=0&mx_SD=&mx_PC=1&mx_SPRIG=0&mx_UCC=2&mx_GCID=0&mx_IAB2=0&mx_vsGap=&mx_dgf=0&mx_BCN_BF=&mx_bsBucket=0&mx_ssProfile=0&mx_BCE=&mx_lr=0&mx_BCI=&mx_uid_sent=0&mx_yhs_enabled=&mx_SC=0&mx_BCT=&mx_yhs_target_bidders=&mx_BCN_YHS=&mx_BCW=&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=0&mx_supply_path=&mx_sbp=-10&mx_yhs_deal_sent=&mx_aqcpl_crid=0&mx_yhs_selected_deal=&mx_tgs=300x250&mx_nsz=1&mx_TAS=&mx_aurt=0&pgcatiab=IAB3-4&pgcatiab2=602&pgcatsprig=498&gFunDl=false&ngFunDl=false&rDl=false&actltime=1135&auMxTm=&brf=0&dcs=&dfpDiv=&dfpPos=&dfpAdPath=&lper=1&td=r%3Dstr%7Cab%3D0%7C&oyaf=0&sbdrid=426&ra_sz=300x250&tk=&sc_pvid=&sc_ogbdp=0&sc_adj1=0&sc_adj0=0&sc_adj2=0&sc_prspt=&sc_act=&sc_bdata=&sc_bdp=0&sc_cbdp=0&sc_bId=&sc_cat=&sc_cmpid=&sc_advId=&sc_advNm=&sc_advUrl=&udc=&rti=-1&rme=ADPTR&bbdrid=&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&kwrf=&epurl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-84-56-24.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.25.v20191220) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:06 GMT
server: Jetty(9.4.25.v20191220)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame C933 73 KB
27 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b67b0772cddf8915ec85788e361a4331fbdcc4bcf7656b9d6aa4299b5b470f9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1604665402527796"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27920
x-xss-protection: 0
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C933 8 KB
7 KB 46ms
33ms XHR
application/json 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020110201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04425238d31ae01bde720f79e8804ec8b39ed173216f7dd72419bf11b5121022

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6544
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 82AB 12 B
99 B 34ms
33ms Script
text/javascript 172.217.22.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548&cookie=ID%3D04e136036035515d-222356112ab9005d%3AT%3D1604931906%3AS%3DALNI_MYVH1nnTqTGOq058EufK0X4M8jKrw

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 82AB 109 B
810 B 44ms
30ms Script
application/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 82AB 109 B
810 B 44ms
30ms Script
application/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H/1.1

200
OK

afr.php
served-by.pixfuture.com/www/delivery/ Frame F8D5
Redirect Chain

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492131&pi=t.ma~as.1139220782&w=320&lmt...
https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5531

0
0

188ms
187ms

Document
text/html

68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5531
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

Host: served-by.pixfuture.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

Server: nginx/1.10.3 (Ubuntu)
Date: Mon, 09 Nov 2020 14:25:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=172800 public, no-transform
Pragma: no-cache
Expires: Wed, 11 Nov 2020 14:25:06 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Encoding: gzip

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
location: https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5531
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 09 Nov 2020 14:25:06 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 82AB 73 KB
27 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b67b0772cddf8915ec85788e361a4331fbdcc4bcf7656b9d6aa4299b5b470f9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1604665402527796"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27920
x-xss-protection: 0
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H3-Q050 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame C0A8 92 KB
32 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

60703938a4092034ac398dac0d2cdc29dc7633200013f7d1bd93b4d5834f41b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 32599
x-xss-protection: 0
server: cafe
etag: 15281050947629156512
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H/1.1 200
OK demo_track.js Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 84B9 3 KB
3 KB 116ms
115ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v144
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 7b420ad439dadbbbc88cef506a6e2ea73c331178f08f984c6b230cec7ac66a04

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 14:25:06 GMT
Last-Modified: Mon, 06 Jul 2020 13:30:16 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5f032768-a4e"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 2638
Expires: Wed, 11 Nov 2020 14:25:06 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C933 16 KB
6 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame C1EA 15 B
216 B 30ms
30ms Script
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=0&hvsid=00001604931904749031140534833719&geo=47.37|8.55&lper=100&bdrid=4&subBdr=426&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYFciMDU46nvy2opS-U9xcaashUNJQJOzs6Lwc0KeJJXbtMF4Lp-yocUsjFNWWcwxFCUKSzmT7tQG&lpid=&tsid=1&q=&prv=&type=&ps=&cme=w37CLD9_GqY8IxBSDrjMk1-VunY1PTgdlYRuQZqgy70zk_NoJ_PxdLGSZNwAyElBvghLbzphRtbmG4KGMSSoTMGpBjyVyw96RWo0IcGBqL7o6BDfWpVhY5FbGXNXpyA4f4HHFglLju2PewI2OpZzdsuB4uyGoQe6GPzpELycXsHmsxMtcdRKpI6FTs8LYoNjFGyLiD2-K1o%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C6bqF2dD64RGaHrSzNUWonYNLPFl8mKcHUgqV9CLR4hVnff5lYRCYWF0L08Sm0uCytC7voMW6DP2sUqi30nAQxdSeAZb7165MRCIZiDFQioiIX1NRNGoHbsMKJtq-TgRNJ1ZtJwhkHAQ%3D%7CN7fu2vKt8_s%3D%7C5GzCHjZihlzQ0kNW4qS989HKl0JrjOYAR9P0jnqhmp-R6eXkBVNMBDkeX2jzOQGHPiuevSs-TA-yFBRt5H00MuW1VSRnFPdAaQAfM1dXvSLUEt9n_haBDWyGlCwyqLpTS7-7ctoIXG908GCPkR9fVAeCg3TQ6-Xmc4UlNWou8D6PpitbsY3Db0EXLo9hUEkXG9qqdn6gEt0LD-1_yhm70w%3D%3D%7C&hint=&td=&cc=CH&wsip=2887305290&bca=0&ugd=4&vgd_chost=contextual.media.net&vgde_setid=Nu9&&rc=0&ksu=207&vgd_aid=298012188031441491604931904782&fdkt=439&kwd[]=Download%20Microsoft%20Office%202020&kwt[]=439&kbc[]=1204155511&kwp[]=1&kid[]=329901851&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.30%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Cyber%20Security%20Solutions&kwt[]=439&kbc[]=1202993920&kwp[]=2&kid[]=68172923&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.32%7C%7Clvl%3D1.00&ktd[]=563224865014016&kwd[]=Deals%20on%20Microsoft%20Office%20365&kwt[]=439&kbc[]=1204155511&kwp[]=3&kid[]=329708246&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.12%7C%7Clvl%3D1.00&ktd[]=281749871526144&kwd[]=Cyber%20Security%20Certifications&kwt[]=439&kbc[]=1202993920&kwp[]=4&kid[]=68172844&kbc2[]=ps%3D0.956%7C%7Crpc%3D0.39%7C%7Clvl%3D1.00&ktd[]=563224865014016&kwd[]=Cyber%20Crime%20Articles&kwt[]=439&kbc[]=1202993920&kwp[]=5&kid[]=68168797&kbc2[]=c%3D2%7C%7Claw%20%26%20government%20%3E%20public%20safety%20%3E%20crime%20%26%20justice%7C%7Cdiff%3D1%7C%7Csetid%3D0%7C%7Cps%3D0.956%7C%7Crpc%3D0.07%7C%7Clvl%3D1.00&ktd[]=563224865280256&rand=1604931906394&cid=8CU5BD6EW&vwid=1604931904160501416&vi=1604931904160501416&l3ch=0&slnkp=no&bdrct=0.05&vgd_mseg=0.05&vgd_rt=1141&bto=0&tdAdd[]=rtbsd%3D10&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=ZH&vgd_l1rakh=1604931904126123088&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&vgd_ifrmode=00&axbx=bl5&vgd_refimp=0&sttm=1604931904749&upk=1604931905.6864&hvsid=00001604931904749031140534833719&verid=111299&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_hbReqId=T1604924342C8S18U100&vgd_isiolc=1&rtbsd=10&matm=1604931906397&vgd_ltime=1657&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=ZH&vgd_l2ch=0&vgd_l1ch=1&vgd_katbid=-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_refcnf=%7B%22a2y%22%3A%7B%22afterLoadSecs%22%3A30%2C%22afterViewSecs%22%3A10%2C%22percentTraffic%22%3A95%2C%22ignoreSessionDisable%22%3Atrue%2C%22both%22%3Afalse%7D%7D&vgd_dfp_tgt=%7B%22crid%22%3A%22733976884%22%2C%22mnet_segment%22%3A%220.05%22%2C%22mnet_variant%22%3A%22426%22%2C%22pub_domain%22%3A%22securityaffairs.co%22%2C%22mnet_cc%22%3A%22CH%22%2C%22mnet_bucketid%22%3A%22b3%22%2C%22mnet_ref_ybn%22%3A1%2C%22mnet_pid%22%3A%228PRHGG6T9%22%7D&vgd_sbSup=1&vgd_l2wsip=2887305235&vgd_nrrsf=nrr&vgd_nrrv=15477&vgd_nrrs=15477&vgd_nrrmf=4a&vgd_cntrdt=S%7CDIV&vgd_ren_page_h=4251&vgd_cty=ZURICH&vgd_l1hcsd=N3%7C7430&vgd_sethcsd=C12%7C7514&vgde_bdata=QOfvzxjj%7C%7CGGvuiF%7C%7Ceev9%7C%7CJLEYv9.9X%7C%7CmyJLEYv9.9X%7C%7CGYvf.9H%7C%7CQ8OvhAAihFWWH%7C%7CQOvu%7C%7Cx8Ovj96y8hzPJIqg7xFVa%7C%7CONfvu%7C%7CG7OvuFWhHiFHW9FuAhHXAfFhfHiFAFfiAHi9fhWH%7C%7CQNOvlw%7C%7Cx8Yv9%7C%7CxLjM7UNv9%7C%7CQQvuF99-uf99%7C%7Cx8Bvou%7C%7Cc0v.*NL8YJ.*%7C%7Cj1Q7v9%7C%7C%3DVvfuiW%7C%7C8EvAmCklX%7C%7CkGGv9%7C%7C7Gvou%7C%7CN7vlxL8Nw%7C%7CLNvu%7C%7CG1Q8QfvuiF%7C%7CxLjMGv9.9h%7C%7CG1Q8QuvuiF%7C%7C8QDJkv9%7C%7C0sv9%7C%7CjNv9%7C%7CxLjM7e8v9%7C%7CxLjMjvH9%7C%7CG8Ov9.9X%7C%7CONvh%7C%7CyN17vX99Hih%7C%7CmyG8Ov9.9X%7C%7CNGOEv9.9X%7C%7CGkj1yvu%7C%7CQmGEv9%7C%7COO8ev%25%25rs0MrV%2F%25%25%7C%7COYYv%7C%7C8GNvu%7C%7COO7vou%7C%7CzQlvu%7C%7C7yQvA99-fX9%7C%7CGQGv9%7C%7CGQEv9&vgd_fdimpl=1&vgd_cfud=200311&vgd_is_amp=0&vgd_icat=602&vgd_spcat=500497&vgd_optout=0&vgd_ect=4g&vgd_rensize=0_0&vgd_scr_h=1200&vgd_scr_w=1600&oRurl=http%3A%2F%2Fcdn3e%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DCH%26isOffice%3D0%26fvips%3D0%26vi%3D1604931904160501416%26lw%3D1%26rtbs%3D1%26esi%3D1%26size%3D300x250%26crid%3D733976884%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D0%26dfp%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D0%26hlt%3D1%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f110554%252fcyber-crime%252foffice-365-phishing-inverts-images.html%253fweb_view%253dtrue%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Bwin_w%3A1600%3Bwin_h%3A1200&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV15477.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
status: 200
date: Mon, 09 Nov 2020 14:25:06 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 09 Nov 2020 14:25:06 GMT

POST
H2 200 log
navvy.media.net/ Frame C1EA 807 B
997 B 296ms
296ms Other
image/gif 54.153.104.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV15477.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.153.104.139 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-153-104-139.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:06 GMT
server: Jetty(9.4.7.v20170914)
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2079 0
21 B 61ms
60ms Image
image/gif 172.217.22.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssUJESnFHxNnjXmj_3zSYIC3k_VvVngpyoi_sSsd-CCoA1qgYfnTbFWwOCYm7KevWGuLGhFQr-le68jZV_loS1MqWOHd5ZPIV51tRd3zBDzLtpCZI4v2xcv6pbI4LSdlVCKiskbuiKvgckCZ_tuxPYN0MicwthqDexZznM7kFGa4jW0mvuMoPNhz6g_vGi4132wVMvlfzicIjX2SFe0hO--gu4VLPjyG-28foepGurXS67nfZhie3nnTjjRuoUa_sqHUd5ODjFb_GHM7Ow4AzJPhnk5HdxJ6ko0AR2UXFoA81kOzPD8BJHNzbSJ1iMB&sai=AMfl-YQk5TpVoG7UUgb8u5LNsCFjALOgBW-AnE8l5tRZSSo5ceDA3S0FbaDvqLhFvHhbBBPmj60N7VbYrRXD7Pm2I2CX1ghLM7rlUeqfjAubQ-6l_rmq9K8rM67wq7J_U6M&sig=Cg0ArKJSzP2QYPjJL7EPEAE&urlfix=1&adurl=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 09 Nov 2020 14:25:06 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/ Frame C0A8 230 KB
86 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

22f38713e3cb086adc05ce7b3f126b1a3c18d0bd120bafd17c85117de81741b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 88225
x-xss-protection: 0
server: cafe
etag: 10001109163846534958
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 066A 0
0 32ms
19ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Mon, 09 Nov 2020 13:43:14 GMT
expires: Tue, 09 Nov 2021 13:43:14 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2512
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 200
OK demo_track.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 84B9 36 B
615 B 130ms
130ms XHR
text/html 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.php
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v144
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:06 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Wed, 11 Nov 2020 14:25:06 GMT

GET
H3-Q050 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame C0A8 12 B
195 B 34ms
33ms Script
text/javascript 172.217.22.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.22.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame C0A8 109 B
126 B 16ms
16ms Script
application/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame C0A8 109 B
126 B 15ms
15ms Script
application/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H/1.1

200
OK

afr.php
served-by.pixfuture.com/www/delivery/ Frame 4832
Redirect Chain

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1357492128&pi=t.ma~as.1680648786&w=300&lm...
https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5529

0
0

144ms
143ms

Document
text/html

68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5529
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

Host: served-by.pixfuture.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

Server: nginx/1.10.3 (Ubuntu)
Date: Mon, 09 Nov 2020 14:25:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=172800 public, no-transform
Pragma: no-cache
Expires: Wed, 11 Nov 2020 14:25:06 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Encoding: gzip

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
location: https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5529
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 09 Nov 2020 14:25:06 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame C0A8 73 KB
27 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b67b0772cddf8915ec85788e361a4331fbdcc4bcf7656b9d6aa4299b5b470f9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1604665402527796"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27920
x-xss-protection: 0
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 82AB 8 KB
6 KB 26ms
26ms XHR
application/json 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201104&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cdb399f8da99653cf6f6480f958c4e6740c116d1807e531a08e915c832e4031d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6480
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 82AB 16 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H2 200 bqi.php
lg3.media.net/ 15 B
15 B 28ms
28ms Image
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO5M70HK&vgd_viab=1&kals=base%7C%7Cpc%3D100&katen=1&pc=100&kata=at2&katbid=-2&kasts=tstype%3D-10401%7C%7Cgbid%3D-2&cme=wkAyRkuQ-gHAY9iqKwu5Usk9ahrRmWN-hLJAdEV_WiTPR8Hw1hDX8dYXQnodrNNm6ieK3w2j3rpze4RgYaqvTrbkuviyeOvssYcVGAPJsRlLQWZxcW8maZQYlMrKaJyGOfKE44bS-HqCR_YomWQDop7QoIy7TJMt5puOzO9Hgzj6bpwvHbbeyEUyTUSQe5VqAY98k1mL8gk=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|6bqF2dD64RGaHrSzNUWonYNLPFl8mKcHUgqV9CLR4hVnff5lYRCYWF0L08Sm0uCytC7voMW6DP2sUqi30nAQxdSeAZb7165MRCIZiDFQioiIX1NRNGoHbsMKJtq-TgRNJ1ZtJwhkHAQ=|N7fu2vKt8_s=|KrfxeDvrAqHIY3Xns2VB5wuadTXC2TegYHAe7ckBlWPd8c8rm92Vjsi4RsKY_ZaNcuWD3VrlG6oo08hflBuXyrP7iNMk5l_ceY-1I4WomeIw36MI9KQ1G3IdPcvJcI7p4XCuPw32sgGjvsTsQxP6gsPQ3MC3sl09AQwPHQOq381Zwfp3WjWjV4yILdeQiyi2VX8u7nqH6ma4ax7nqHwjeA==|&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&vi=1604931904234108243&ugd=4&cc=CH&sc=ZH&startTime=1604931904901&l2type=setting&vgd_l1rakh=1604931904162396251&l1ch=1&sttm=1604931904902&upk=1604931905.6864&hvsid=00001604931904902031140534832140&verid=3121199&vgd_sc=ZH&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&vgd_hbReqId=T1604929809C8S4U983&l1hcsd=l1!C11|7430&vgd_uspa=0&vgd_isiolc=1&npgv=1&l3c=%7B%7D&l3d=%7B%22cntrdt%22%3A%22AS%7CDIV-184323154%7CDIV%22%7D&l3l=%7B%7D&rtbsd=6&l2ch=0&l2wsip=2887305230

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 09 Nov 2020 14:25:06 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 8BD0 0
0 128ms
25ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

Connection: keep-alive
Content-Length: 17037
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: W/"5e7a2cb3-cefd"
Expires: Fri, 04 Sep 2020 06:04:52 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 09 Nov 2020 14:25:06 GMT
Age: 29880
X-Served-By: cache-lga21942-LGA, cache-hhn4034-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 479747
X-Timer: S1604931907.977734,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 28F8 0
0 36ms
34ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.197.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=9ff634a0-83a9-4392-a7e8-cfb067760554|1604931905
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=9ff634a0-83a9-4392-a7e8-cfb067760554|1604931905; Version=1; Expires=Tue, 09-Nov-2021 14:25:06 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1604931906|gekin0vNiygu; Version=1; Expires=Tue, 24-Nov-2020 14:25:06 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.197.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 09 Nov 2020 14:25:06 GMT
content-type: text/html
content-length: 420
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 visitormatch
bh.contextweb.com/ Frame 6D75 0
0 338ms
117ms Document
text/html 198.148.27.140
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL

https://bh.contextweb.com/visitormatch

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: bh.contextweb.com
:scheme: https
:path: /visitormatch
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vf=1; wf=0; V=hVM64bSguDBw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

status: 200
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-77d4cd6746-56s7j
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
set-cookie: V=hVM64bSguDBw;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Thu, 04-Nov-2021 14:25:07 GMT;Max-Age=31104000;SameSite=None pb_rtb_ev=3-13m9|89b.0|88b.0|8ea.0|2JB.0|7Nq.0|7Bj.0|7aw.0|7TY.0|7TZ.0|8cn.0|7br.0|7ND.0|7bs.0|6zB.0|7Xh.0|83u.0|87G.0|8bO.0|2N.0|7RY.0|7dN.0|85M.0|4is.0|89W.0|7Rn.0|7I7.0|3oy.0|81B.0;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Tue, 09-Nov-2021 14:25:07 GMT;Max-Age=31536000;SameSite=None INGRESSCOOKIE=a83c8960b1466b4f; path=/; HttpOnly; Secure; SameSite=None
content-length: 3182
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame FC90 0
0 120ms
34ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=102565
Expires: Tue, 10 Nov 2020 18:54:31 GMT
Date: Mon, 09 Nov 2020 14:25:06 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4813
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=4cd85fa9-5142-4500-9c42-05a43a90bff2

49 B
926 B

286ms
112ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=4cd85fa9-5142-4500-9c42-05a43a90bff2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: MT3 3322 7ec6219 master cdg-pixel-x15
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=4cd85fa9-5142-4500-9c42-05a43a90bff2
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 09 Nov 2020 14:25:06 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4813
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi
https://p.rfihub.com/cm?in=1&pub=20513&ssp=sonobi
https://x.bidswitch.net/sync?dsp_id=119&user_id=1041246337751330528&expires=30&ssp=sonobi
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=63fca01c-1550-419f-8ed6-6ab59872bdb1

49 B
840 B

34ms
33ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=63fca01c-1550-419f-8ed6-6ab59872bdb1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

status: 302
date: Mon, 09 Nov 2020 14:25:07 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=63fca01c-1550-419f-8ed6-6ab59872bdb1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4813
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=1da2a11e-6561-4478-be28-cf4996762e56&pubid=0b24fdfc82

49 B
926 B

291ms
68ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=1da2a11e-6561-4478-be28-cf4996762e56&pubid=0b24fdfc82

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:07 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=1da2a11e-6561-4478-be28-cf4996762e56&pubid=0b24fdfc82
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame 4813
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YzM5YTI3YTAtMzJjMS00YjY5LTk3MTEtYmYyMThkYzE0OGU5
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEHQBuDb4rVOShT2uUr0XTag&google_cver=1

49 B
811 B

267ms
92ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEHQBuDb4rVOShT2uUr0XTag&google_cver=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:06 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEHQBuDb4rVOShT2uUr0XTag&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4813
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041246337751330528

49 B
804 B

287ms
113ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041246337751330528

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041246337751330528
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4813
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2856971095
https://sync.1rx.io/usersync/tradedesk/1da2a11e-6561-4478-be28-cf4996762e56
https://sync.targeting.unrulymedia.com/csync/RX-7e90ea35-a231-472c-b44d-f7da1079f3b4-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-7e90ea35-a231-472c-b44d-f7d...
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-7e90ea35-a231-472c-b44d-f7da1079f3b4-003

49 B
933 B

110ms
33ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-7e90ea35-a231-472c-b44d-f7da1079f3b4-003

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: Tengine
ETag: RX7e90ea35a231472cb44df7da1079f3b4003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-7e90ea35-a231-472c-b44d-f7da1079f3b4-003
Connection: keep-alive
Content-Type: text/html

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame 4813
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=c39a27a0-32c1-4b69-9711-bf218dc148e9&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=QmJqTUgwd3IwaGJfaHRPelpSY0huZw&gdpr=&gdpr_consent=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKa8maFRJRxYvCwW5eZoGNM&google_cver=1

49 B
756 B

124ms
110ms

Image
image/gif

198.148.27.140
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKa8maFRJRxYvCwW5eZoGNM&google_cver=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
status: 200
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-77d4cd6746-dws7s
expires: -1

Redirect headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:07 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKa8maFRJRxYvCwW5eZoGNM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bqi.php
lg3.media.net/ 15 B
15 B 51ms
50ms Image
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO5M70HK&vgd_viab=1&kals=base%7C%7Cpc%3D100&katen=1&pc=100&kata=at2&katbid=-2&kasts=tstype%3D-10401%7C%7Cgbid%3D-2&cme=5QuC1QKrulSS0JM67d-5kG2ULdtJ0z9q-8HqMDuDTecpB9CePorqG8Vw9YDVw9nfSMHS6zWXA_MAOqMhn28bvu_RxpHEUAWKv1Ojapvml8N0ykjwFzsyosM7VzdspZFdsyYQmbHjFH1cyb2XKw68_UGr0N2yDJmqIPkNC52capzrabrIysA0yuGaGx7mjbEphGF6qDpuLf4=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|6bqF2dD64RGaHrSzNUWonYNLPFl8mKcHUgqV9CLR4hVnff5lYRCYWF0L08Sm0uCytC7voMW6DP2sUqi30nAQxdSeAZb7165MRCIZiDFQioiIX1NRNGoHbsMKJtq-TgRNJ1ZtJwhkHAQ=|N7fu2vKt8_s=|MxJ44Ee5mkFub9p3Ax1TXl224Ys9AzBmbX6Q96bJoHjfqan1aCZb3bxep_KHQzMs4ffBwWLtVbg1v1G1vNYM-QgVDzUa4q-AUOBTa5cryYiiqzuQ9PcilRXrtbX8mNUqwS50dhOs6D-4zavkCMWBw3RMGOVI2yXzsRjU_6GrQBVCQCcVUMC-Ef5JGlzyAYXZPBLs9wyV3s2qISDMRMi4qWFKVorIyXge|&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=829833831&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&vi=1604931904307499353&ugd=4&cc=CH&sc=ZH&startTime=1604931904888&l2type=setting&vgd_l1rakh=1604931904162396251&l1ch=1&sttm=1604931904896&upk=1604931905.6864&hvsid=00001604931904896031140534832629&verid=3121199&vgd_sc=ZH&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&vgd_hbReqId=T1604929809C8S4U983&l1hcsd=l1!C11|7430&vgd_uspa=0&vgd_isiolc=1&npgv=1&l3c=%7B%7D&l3d=%7B%22cntrdt%22%3A%22AS%7CDIV-829833831%7CDIV%22%7D&l3l=%7B%7D&rtbsd=6&l2ch=0&l2wsip=2886781036

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 09 Nov 2020 14:25:07 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 09 Nov 2020 14:25:07 GMT

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 134ms
125ms Image
image/gif 34.196.9.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=160493190504134115252858_N4IgpgHiBcIAwgDQgM4GMD2MQEYBscALAJwDMOxRA+qQOx6U714CseeSqmAZjDsugwAXbPiJkK1OgzhN2bPFQAcAIwBMcJbRU44atMTCkwLbtzAATHGhyFaSy6vudBQ3tH5dhF0QRLlKQhp6RmYFKjUAQyZuFVlibkilJThSbjQ0ekjCOjQ8BzU1UhYXTCELd08wAGtI7BYDWjUwbjgAWkLiWjacHDAVNpUwHEi2pT64SnSLBzBOGpU+ZDQANxRsYAAdEAAbDDRInaoUIQwAJ0iAczBt6G2GrubWjrUunr6BoZGxiam0GbANyQ2xQYBQKAAlhgAHbHU4Xa63e6NJ7tTrdXr9QbDUbjMCTODTWbbRDbTAYaoQsBUCyRISRJEgB5NFpo14Yj7Y754glEwHbAC+nFq9QMDDUcReb0xn2IxDUbTSr0I3FoaGSpCUwsWHmWKw22z2ByOJ3OVyBdyZYvlkvR7yxKjlCqVxBVao1ShJILBkJhcLNiJgyOI4tt7Ptsvliu4ytV6qUmq9IHJlOptPpjIeobZ0s5jqjLrd8cTICFyEubhgAG04Iha-W64gcABdctCdbQGuNhu1lsCdvVnuN-hwVvgNBCAC22HopE4k4AntWq-xSBpEMQWLWWDglIh6EpW1W1BuUk21GfCDhSIh2KRm2OAO4AR2rY8XZzfyzOk4ADtXcD8CRAlIOBaBIMgWFIKhJ0iCFYRwEAx0OERO1HAQsF1VB6SEABXDtjxvYhEBve9kAALzqLDf0ubB9WQMBoX1WB-3LAALXxxACOAtyvUgrxwFg1CEpQWC1ZAB1gWxXhScC8GEsTODWbA8AAOjgVS6EQ5BDhgG8QHSGAegYoQIT4IDuMIftaOgWtUGqTj-EkIJpFCeR2HmCF-yk0TVMEtSmBYPywPmXCqM8XCzNshiVh2atQGhSJJzmWAVAhCwLDAM4qHSzh0yo0A0oyrKcp8aBoVwnYdmQFYIVKxzgKIK8rwvPBnAFAVEASpKUpAIrMuy3LkHymBCvSgb6vKyrqpAWrJsArjnNA8C5WKOcOq6kBEuS7B+pKoaQBG6AxuKwayoqqqarq3KpIs5yiivTQ1ByUtOu6nbUvG-afGGukCr6r6zuwQglOusqFqcwIxC3Wx8FescUB2E4Gu4rdSA4ZAdkqK75rESGiAe3QlGeudlnwoR5qUABhABVFgACEABE8AAUQAdU4S40HMxbKCaWxkGfFLPG4KK4AFIA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.9.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-9-135.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:07 GMT
status: 200
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T

GET
H2 200 bqi.php
lg3.media.net/ 15 B
15 B 112ms
102ms Image
text/javascript 104.84.56.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO5M70HK&vgd_viab=1&kals=templates_threshold%7C%7Cpc%3D100&katen=1&pc=100&kata=at5&katbid=-5&kasts=tstype%3D-10402%7C%7Cgbid%3D-2&cme=Uazc-GAnkdxqQTWyCWlkN5jG2cq0VGT5T00TH3Tn2tQKHEOCxEKuzsh_JUhX69jL5PIJDXFSOGlu49-SkmScsu1ZxyqsAt668BWPR5DFpp2L8TEJr6MtcpWXbxZq373_pQhKnCLewKZuy7Fsx0wUdLxophOb-TuNuVsq--Ir4n1eCOiPmuvuNM6P92SM0DtBBJrtC4utYbw=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|6bqF2dD64RGaHrSzNUWonYNLPFl8mKcHUgqV9CLR4hVnff5lYRCYWF0L08Sm0uCytC7voMW6DP2sUqi30nAQxdSeAZb7165MRCIZiDFQioiIX1NRNGoHbsMKJtq-TgRNJ1ZtJwhkHAQ=|N7fu2vKt8_s=|-Ac1J2LSGX4rUjdL7h6K6gUY-u8eaYeRFsmf8wjO24jW0nkZnQ3jGjVLAnoQ6hhS_yd_uZljiQrblSOaBuPkJ3idrPeJkzucm_c3-0xi6IY7qqWqUYm57TcKL9tH1CdM7K5_Te-eiokiZqYEkwyByi4z5qLfOfarvo2stKepGg7MFLJ3ssHIq4HysD-I0GcEGqF3bK6On7tBdqq9yynEEw==|&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F110554%2Fcyber-crime%2Foffice-365-phishing-inverts-images.html%3Fweb_view%3Dtrue&vi=1604931904414128678&ugd=4&cc=CH&sc=ZH&startTime=1604931904907&l2type=setting&vgd_l1rakh=1604931904162396251&l1ch=1&sttm=1604931904908&upk=1604931905.6864&hvsid=00001604931904908031140534838091&verid=3121199&vgd_sc=ZH&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&vgd_hbReqId=T1604929809C8S4U983&l1hcsd=l1!C11|7430&vgd_uspa=0&vgd_isiolc=1&npgv=1&l3c=%7B%7D&l3d=%7B%22cntrdt%22%3A%22AS%7CDIV-647633027%7CDIV%22%7D&l3l=%7B%7D&rtbsd=6&l2ch=0&l2wsip=2886780938

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.84.56.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-84-56-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Mon, 09 Nov 2020 14:25:07 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
status: 200
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Mon, 09 Nov 2020 14:25:07 GMT

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 225ms
217ms Image
image/gif 34.196.9.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=160493190504134115252858_N4IgxgTgtgDiBcBtEBGAbABgCwE4DMKO2eGA7LvgKx4D6UAhgJYB2NKIANKprgUVgCY8WFBgAcArLQYsaAzt2z5C2ESIFi0pMXSas8IALpd6AGwAuCRBg42MxkAGcA9gjxcoATyuIUHPAI2OJQ2lChiHKRoYsaIAhw4YjYoGjYi7mhoeLHuicmpkUIJpNkOAO4AjlYOXhDVXIwAbgjxTub05gCujlbu7oQOAF70CH4gMADmCCDNXACmzM3w4woTABbT6Ep8GCHpIiiUAkdilGIK5j3LKIJ55GjHZwqNVyBoAHQY73ik7Cambi4ADMwAgALRjObmRijHjKfhcRzmKbwGxOADWmzhOywNB+aCIKCiaEomQUc0YcGup3ehw+RMotLI5M6I3gY06MNR80aAKQoGY9Cgc2mACNGAATCVzCA0SUKCUdNmgcVSmVyiUIZidUymLiNRgarHbFRYNQpTTaEAAX2tHAFQpFy1V0tl8q4ivaCBVktdRvg2t1+sN8uu2NNJHIOCoBlt9pAguFYt96vdIE9ypALtTmoDOr1MxDucUvFNQhE4kksbtDqTzpTbs1HqV3qzDf9ICwzyLxtL-C2IRu6Bt1ocjlMSN78N2GDwaAUpiBo2DHa2few5dEEikCjA3XMHbEAGEAKqUABCABE0ABRADqq1B7PDRFIAkwXAqTrGQK5GGtQA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.9.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-9-135.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:07 GMT
status: 200
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame FCA7 0
0 7ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Mon, 09 Nov 2020 13:43:14 GMT
expires: Tue, 09 Nov 2021 13:43:14 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2513
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C0A8 8 KB
6 KB 197ms
195ms XHR
application/json 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201104&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

59c07ad5c2d56ddc220db55646f846b5dff3342cd04b076793335d009c8183e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 09 Nov 2020 14:25:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6355
x-xss-protection: 0

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C933 0
138 B 202ms
201ms Image
image/gif 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gpt_2020110201&jk=3595775543418185&bg=!o6CloIDNAAUBH37qAVh1B5PgYbP3XQIAAAFtUgAAAApoAQcKAXSUyuQHkCs9Wy2HV0V-SWPmbzvs41oH2DVmdOIZa4G9naNNmZt9rwghfx20KkUkMqGlUVk5AdyyOH4XVY11mq30kirvH-i1VhdlmstmLo20alZpbBxWUDktwzxBaMm8bHBn45EZeBSEP4byHwM5sZqWD0ZoWOkE9xJFpwOcm7C0Vv0pXgfcn7zlTVXCkyCIK64KQypAYqGCJhSZYh0S2LiBwFEsuVg77ADxDfm1h5ycjHKM-ywMVQ0qrxto-RQKvZynlxzxO8ir7p72H5-HGjn2D_q-Wlw0FeXK4GX80_DAJABuDRHsFBP0OUSA9BmRgmKq4HWtvxgiftAWLbUi2UBd80FcWLal4fgVv0llhOwt8ufcWqoVtA3RP0Nh2NO-W6FkJ70hAdon-Tme8-j5eXVzymJ_TTmP4_iOdk39D3U5D8fnlUhLJfvQGirzz4EmB_oBvNeLoC0p-FW6MRWCAahQeSk6tYJGFQckyUnqmfKCnJhDrdOZAdfTrYdM92bSsD0Onq6Xh684PoXp3hyDBCRgl4u5ZcS9BS9EeRJznKvOJ1qdOgXuCzv7iPiC8U7qpdxsL_w6rfWWxZmGJSftlCnWWoytD6hLumDS34jzOeiUEjTfGJk8C1Hv3G0j_xciUzCc4bhGElT47wNwcU-1BVr4oHtn97LdZUJNVJSha3glmX1num4b063G1Y9dSFug_Ob_lpaFMS-929DlwYBF23-xs671OVmvKajP6cSA82KbgY9I14vO9EnEIgMXNpWiTexgpVuoup4k3Evqip14UDektWJZr2sZTTicVtWhhhO_3HFcbLz9RI1bus4UaV4zsXmsFtyDD9iSBE97Wl_9dvlJcyw882TPLFMTVKqu8Hu0TgiluGZ3otr_MRQQo2ANCc_j2sJ_7gC3kqUJJ-oSMCdqzNE-zLq81NUy5gksw4MMvNU2FLyS-_Me3Zl6ho3Lczyyu5cWMbQq-LM5imd8iYa1VQsH7SrKKjFcDx4K633aPPmGlNq2RysrZXg-djLTVSpMlENH9sFQLA1nETUSbhUdVtk8bROGPMdrknMyKzRgHe3Yr_HMuJ0cyTOsisAv-x1JFzsguXxLyPt1TESLf4lwQD9Ge9x2PaLJtxOSHS0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C0A8 16 KB
6 KB 27ms
14ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201104/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Mon, 09 Nov 2020 14:25:07 GMT

GET
H/1.1

200
OK

RX-2dc46f89-d12f-4f0c-9d84-86ec8e958bd5-003
sync.targeting.unrulymedia.com/csync/ Frame 84B9
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-7e90ea35-a231-472c-b44d-f7da1079f3b4-003&rndcb=1296106699
https://x.bidswitch.net/ul_cb/sync?ssp=adconductor&user_id=RX-7e90ea35-a231-472c-b44d-f7da1079f3b4-003&rndcb=1296106699
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=adconductor
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=adconductor
https://x.bidswitch.net/sync?dsp_id=70&user_id=8380723203550161504&ssp=adconductor
https://sync.1rx.io/usersync/bidswitch/87ad9391-c956-4e30-8ba5-207788058c53?gdpr=&gdpr_consent=
https://sync.1rx.io/usersync/bidswitch/87ad9391-c956-4e30-8ba5-207788058c53?zcc=1&dspret=0&cb=1604931908194
https://sync.targeting.unrulymedia.com/csync/RX-2dc46f89-d12f-4f0c-9d84-86ec8e958bd5-003

43 B
452 B

47ms
46ms

Image
image/gif

213.19.147.150
RHYTHMONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-2dc46f89-d12f-4f0c-9d84-86ec8e958bd5-003
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 213.19.147.150 , United Kingdom, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 09 Nov 2020 14:25:08 GMT
Server: Tengine
Connection: keep-alive
Content-Length: 43
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:08 GMT
Server: Tengine
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://sync.targeting.unrulymedia.com/csync/RX-2dc46f89-d12f-4f0c-9d84-86ec8e958bd5-003
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 84B9
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=c0ba5fa9-5143-4d00-ace1-625483b2a5e1

49 B
930 B

72ms
71ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=c0ba5fa9-5143-4d00-ace1-625483b2a5e1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 09 Nov 2020 14:25:08 GMT
Server: MT3 3322 7ec6219 master cdg-pixel-x26
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=c0ba5fa9-5143-4d00-ace1-625483b2a5e1
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 09 Nov 2020 14:25:07 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 84B9
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041246337751330528

49 B
800 B

73ms
71ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041246337751330528

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1041246337751330528
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 84B9
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=1da2a11e-6561-4478-be28-cf4996762e56&pubid=0b24fdfc82

49 B
930 B

70ms
70ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=1da2a11e-6561-4478-be28-cf4996762e56&pubid=0b24fdfc82

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:07 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=1da2a11e-6561-4478-be28-cf4996762e56&pubid=0b24fdfc82
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 84B9
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=63fca01c-1550-419f-8ed6-6ab59872bdb1&google_hm=NjNmY2EwMWMtMTU1MC00MTlmLThlZDYtNmFiNTk4NzJiZGIx
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm=&google_sc=&ssp=sonobi&bsw_param=63fca01c-1550-419f-8ed6-6ab59872bdb1&google_hm=NjNmY2EwMWMtMTU1MC00MTlmLThlZDYtNmFiNTk4NzJiZGI...
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESECEw3MwqxHTGf_zGnrqXEFg&google_cver=1&ssp=sonobi&bsw_param=63fca01c-1550-419f-8ed6-6ab59872bdb1
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=87ad9391-c956-4e30-8ba5-207788058c53

49 B
840 B

38ms
32ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=87ad9391-c956-4e30-8ba5-207788058c53

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:08 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

status: 302
date: Mon, 09 Nov 2020 14:25:08 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=87ad9391-c956-4e30-8ba5-207788058c53
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 8978 0
0 35ms
35ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.197.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=9ff634a0-83a9-4392-a7e8-cfb067760554|1604931905; pd=v2|1604931906|gekin0vNiygu
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=9ff634a0-83a9-4392-a7e8-cfb067760554|1604931905; Version=1; Expires=Tue, 09-Nov-2021 14:25:07 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1604931906.1|kiiygevNgun0.mWgqsLommOns; Version=1; Expires=Tue, 24-Nov-2020 14:25:07 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.197.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 09 Nov 2020 14:25:07 GMT
content-type: text/html
content-length: 315
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 233D 0
0 25ms
24ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

Connection: keep-alive
Content-Length: 17037
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: W/"5e7a2cb3-cefd"
Expires: Fri, 04 Sep 2020 06:04:52 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 09 Nov 2020 14:25:07 GMT
Age: 29881
X-Served-By: cache-lga21942-LGA, cache-hhn4034-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 479761
X-Timer: S1604931908.786075,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 85B7 0
0 37ms
37ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=158127:2; KADUSERCOOKIE=A032C2DA-09C6-4346-B210-4EB84E062C77; chkChromeAb67Sec=1; DPSync3=1606089600%3A197_219_201%7C1604966400%3A174; SyncRTB3=1605484800%3A15_67_2%7C1610064000%3A69%7C1606176000%3A35%7C1605744000%3A63%7C1607472000%3A203%7C1606089600%3A56_88_204_21_161_8_99_165_13_55_189_22_81_78_222_220_71_166_176_54_7_3_223; PUBMDCID=3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=102564
Expires: Tue, 10 Nov 2020 18:54:31 GMT
Date: Mon, 09 Nov 2020 14:25:07 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 visitormatch
bh.contextweb.com/ Frame 08CA 0
0 112ms
111ms Document
text/html 198.148.27.140
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL

https://bh.contextweb.com/visitormatch

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid_uids2.js?v=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: bh.contextweb.com
:scheme: https
:path: /visitormatch
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vf=1; wf=0; V=hVM64bSguDBw; pb_rtb_ev=3-13m9|7LJ.0.c39a27a0-32c1-4b69-9711-bf218dc148e9; INGRESSCOOKIE=e0ec44572a441778
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

status: 200
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-77d4cd6746-dws7s
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
set-cookie: V=hVM64bSguDBw;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Thu, 04-Nov-2021 14:25:07 GMT;Max-Age=31104000;SameSite=None pb_rtb_ev=3-13m9|89b.0|88b.0|8ea.0|2JB.0|7Nq.0|7Bj.0|7aw.0|7TY.0|7LJ.0.c39a27a0-32c1-4b69-9711-bf218dc148e9|7TZ.0|8cn.0|7br.0|7ND.0|7bs.0|6zB.0|7Xh.0|83u.0|87G.0|8bO.0|2N.0|7RY.0|7dN.0|85M.0|4is.0|89W.0|7Rn.0|7I7.0|3oy.0|81B.0;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Tue, 09-Nov-2021 14:25:07 GMT;Max-Age=31536000;SameSite=None
content-length: 3284
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame 84B9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=ZTg0MzNjODUtODY1Ni00YzQyLThiOTUtMDkxOTUxMzdlYjUw
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEHQBuDb4rVOShT2uUr0XTag&google_cver=1

49 B
811 B

73ms
73ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEHQBuDb4rVOShT2uUr0XTag&google_cver=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:07 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEHQBuDb4rVOShT2uUr0XTag&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 84B9
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=e8433c85-8656-4c42-8b95-09195137eb50&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=hVM64bSguDBw

49 B
709 B

33ms
32ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=pp&nuid=hVM64bSguDBw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Nov 2020 14:25:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
status: 302
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
location: https://sync.go.sonobi.com/us.gif?nw=pp&nuid=hVM64bSguDBw
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-77d4cd6746-dws7s
expires: -1

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 2502 0
0 6ms
5ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Mon, 09 Nov 2020 13:43:14 GMT
expires: Tue, 09 Nov 2021 13:43:14 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2513
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 82AB 0
57 B 15ms
14ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201104&jk=33792675344121&bg=!VFelV3fNAAUBH37qAVjO28iape4b0AIAAAFJUgAAACxoAQcKACIenDcHDosOoBm8p_Uv1PCLcMZVQoxaS4SvbuDs0PlQbRI7mQIfMOgdk576c62gJ78dvTKPnWjsr2kEfZI3E2BJAxwmxw6upBL7f1KmC1xs3cSszj6Jd74qQD4YxZlKKRra51K_KPwQ6rXGW4RvahqqziK97hm3Oe0n1PTBhgsYB6I07n7kBvAEmlqSvmnyggLPfp0SJ_LpBUwhHNsXKVOWDjMiaAItvq2rSPzds6NIUDmmANshzEDGCyAcS7UKvn9Wf0JVVMAQS_2HNbo9kRvTCg6Lq09LpGRBFCpwW_A0yWkG05A38qqxr1aERSkQkNz0flR564L1GSFhHJA__o54DjDDnQ7fCYo4J0rqjxMU6UQafJL8iwumuILBG24w879P0dulAhefZOD2C__bC_jkIJ8n7IU5-Q7irKNyaADnE4CYiaArJDuPubH0y6nwf1tKELmo62XM4yRc_1gji6VBOlraRhmTYsXncR3tHD7SZ0LDiFSExEgqH2lVOdJk_OnwFbPC5op_9szh5iE7skEKP8CRzryrCZBBlL7WAF_NN45A7zPcODRPO5U2tJPkkOOV8Cps9D1twFYKpWRdUk6Y4qcxCUdV9PSwsjAgfkOK5R9m5b0eDl80-juFhd2CBUvTfnpXE3lTPNYjl8TdS7srzoGCpAuFxRntky2GLrodKazIN0QXVnLX9ltlkO2QxvEzQsThGNtDGZp78g8CiEGDmSmi2wWijV-Fqe1rSNOpXGu8pCfVauGadlqQsHuZ0N3qncg6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C0A8 0
627 B 42ms
41ms Image
image/gif 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201104&jk=1654642772438112&bg=!7-yl7MzNAAUBH37qAVjQiCxSKr0OsQIAAAD7UgAAAEJoAQcKAOecjDeScr-3tycbePkNC5RmhKxTyLdPa858wmnpSbiOPY8DK_iRTCZOmj8dVzKC6J1GT9F7uU7fvnpsVAGJ2JC6c0TUszp9-wbDTYXx3XBUURC71d728yu1Ld-aV9NmDeAvX_sQZOhXE0Bx5DLyQJoOYvCE2wZaJb37mSZubj7QDPLv42HFFiCFI0B7wb2maoFXVGVkFzct5kTCObdnG4JconZeaUZ1iGvyLhiw46VzZHDsag2xNP2k0btQ_Upu08niQGK4sq6UfXD7JzhcAnjwIGeQryWRskdyYVzcja8HEcDQX8Bmxf6ZAg_ClrSxD0-mUfBZLryT3I47eJDLmcAHAcQPB8fVL1IKCWzfMl_0gssAKUuvSGkfVmmfNSVWkL5E0G8s5Mzabh125rHTYwqJk7HAbvgI9D6N0oKzYFYV1YHPYIUr8RseGbOBxR9j9ZRFiU-tMezHNkUWg6eEFLcpq0r534nO0NmaSsblg3aiuODtQeDSK3BOcBH9mWXjuRA2wygA4VohDYqSa3LMfTh4WrIxIE29v-jutkP27aXMpKfhCffO6NYthGbdES0K1GOsLt42ZH-FZ1gfGKwMZRZcLuNSWHKalCPSlJi8Kfx1VldreWGLxMaY8bNZEm2Kuo5Nbgx1OBMtiEDCeGOtaZseMQRrBkkqVMSUuqibJFVvaWZLVZh3T3uZdYBeNZ8wz3uotWDfkNRGWetJpfxQB9tUNKq0pOX9EA2hnKLBNHunDjyNAMa9r26r87RbYfqh3Y3dQHdkSfk6E_PSABhfx86tMStaGO3XWMg-JPm7Shbr6zPVDjlSfMf1HFgPEUT9s8JAFMQuMT5DF6jthKHD5ukMbqgzYZI4k_LBVdAgNzrBP-iQhe5CdP8a39wGVDODZEzqjcVgmE5I160SA0EYG6a9pbDXb4gs26_LUeH1HP2tD57hkwtKyDb41VoRTHulZe2zRDdj8wg5RtuTcjsIRfQo0DuvK5NOiAnut9JeuQAxYr68uWK2qMtuhA

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Nov 2020 14:25:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 124ms
124ms Image
image/gif 34.196.9.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=160493190504134115252858_N4IgZghiBcDaDMB2AbADgAzIJzwEyoBoBGdQ9A8yi6q5AFhsfQF0DwIBnGZNgC15iwiBXAFZW4MDHIgArrJi4Sw8ADcYIEGwCW66AxAcALhCOyucMcSwSAXlGgqADgHMN6tgFMAdnpBOtEBcBaBAiZHQ6HCIsdFFIong6IiJRMXxRVECjCzC6XCwMRDpkMUzA1VzkADp0aqQiQIgAGxh4NjAAYxgAWhVPI20YcMjo2INjN2gZDgBrDRGo+BjIgH0kbHQiFGRRZGRAz20A0KJUUWrUmu2LkkRD2QcVWSHpr1VWuFBvCABbTw0ACNtAATEGeABOq1BgRBpgcoGBYMh0JBMG8smazTYqm0qIWESWKzoyWS+GQiCyAF8qQRvn8AaEkeCoTC2HCTDBEaCWfjoBisTi8TDToSxpF4OhilgcKJ4CAaXSQD9-kCeSi2SAOQiQMyNWj+ZjsSBcXywmLluNcEkSKhcHR5Yr6aqmerWWj2fCubq3Wa6BVhQbzaNLQkIvEiMkDjSJBxmsYCSGVvF4Ac2M0pI4hWbFuL8jbSPb5WxOuYjGbUABhACqogAQgARZAAUQA6oEXN1HBaVrEKWwAI6MlRgV7oKlAA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.9.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-9-135.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:09 GMT
status: 200
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 124ms
123ms Image
image/gif 34.196.9.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=160493190504134115252858_N4IgLgDghiBcDaiCMAaADAXSykBLAbnABw4DOYUYArqXPACwBMKSAnBjgF4yyogQBzOCEI4ApgDtCsfiBwCAFsKQA2NPVYBmNmgCs6pJvpIkuxmaK6ic8LRlImrImgDs9Feas38dkCoB0aP6aLkg2UAA2cJo4AGYAxnAAtHxiYLhwqupaOvRkYEKwaGQA1spqGtqs6gD6ISrVSC4qKrotNmK4EMqW-qYBTbp9rh1UPHxUGUXi+FEIoBJQALZiwgBGuAAmm2IATjVbNpuUPKAb23sHm3ASVBEROPi4V+XZVerGxoxEKi7WAL7-FALZarGTnHb7Q44Y4UOBnLaQl6wW73R7PQ72Co5ar0TSuDRaXSaECA4EgRYrdaIy7QkCw04gCG064ou4PEQY1kgLKVXKMIxINBERh40lAkFU8E0qHXGEneFMmXIkD0bxc1583FZfQOVTijggUgRcianF6NCaFQ2CKxTLolW881MQXC0UknDxGhgFVEADCAFVdAAhAAiKgAogB1GwCRK8bFVQxoFQkEAARzBfFiUzQ-yAA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.9.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-9-135.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 14:25:13 GMT
status: 200
x-powered-by: Express
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T

POST
H2 200 ptmdP
dt.clnmde.com/ 7 B
328 B 123ms
123ms Other
text/html 34.196.9.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dt.clnmde.com/ptmdP
Requested by: Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.9.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-9-135.compute-1.amazonaws.com
Software: / Express
Resource Hash: aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Request headers

Referer: https://securityaffairs.co/wordpress/110554/cyber-crime/office-365-phishing-inverts-images.html?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 09 Nov 2020 14:25:15 GMT
vary: Accept-Encoding
status: 200
x-powered-by: Express
etag: W/"7-Jgyp3YpFd/wAt71YECmAdg"
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length: 7

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=d2c1d626d6d17b7c784678224f6cb29e

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=d2c1d626d6d17b7c784678224f6cb29e

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=d2c1d626d6d17b7c784678224f6cb29e

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=d2c1d626d6d17b7c784678224f6cb29e

Verdicts & Comments Add Verdict or Comment

138 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 13:48:52	Name: test_cookie Value: CheckForPermission
.pxlclnmdecom-a.akamaihd.net/	1970-01-23 06:41:45	Name: bafp_t Value: 5c972ef0-2297-11eb-be1a-81e090fcd8ee
.pxlclnmdecom-a.akamaihd.net/	1970-01-19 13:48:53	Name: bfp_sn_td_2a17fb019fa8803fcc76a437c68e2235 Value: 1604931904_376901766566_2a17fb019fa8803fcc76a437c68e2235
.pxlclnmdecom-a.akamaihd.net/	1970-01-19 13:48:53	Name: bfp_sn_t_8b2087b102c9e3e5ffed1c1478ed8b78 Value: 1604931904_376901766566_8b2087b102c9e3e5ffed1c1478ed8b78
.pxlclnmdecom-a.akamaihd.net/	1970-01-19 13:48:53	Name: bfp_sn Value: 1604931904_376901766566
.media.net/	1970-01-19 22:34:27	Name: visitor-id Value: 2479335055348335000V10
.securityaffairs.co/	1970-01-19 23:10:27	Name: __gads Value: ID=04e136036035515d-222356112ab9005d:T=1604931906:S=ALNI_MYVH1nnTqTGOq058EufK0X4M8jKrw
.securityaffairs.co/	1970-01-23 06:41:45	Name: bfp_sn_rf_8b2087b102c9e3e5ffed1c1478ed8b78 Value: Direct
.securityaffairs.co/	1970-01-19 13:48:53	Name: bfp_sn_pl Value: 1604931904\|1_376901766566
securityaffairs.co/	1970-01-19 22:34:27	Name: cookielawinfo-checkbox-non-necessary Value: yes
securityaffairs.co/	1970-01-19 22:34:27	Name: cookielawinfo-checkbox-necessary Value: yes
.securityaffairs.co/	1970-01-23 06:41:45	Name: bafp Value: 5c9692b0-2297-11eb-b992-3f294f7c8838
.media.net/	1970-01-19 18:15:15	Name: gdpr_status Value: 1
.securityaffairs.co/	1970-01-23 06:41:45	Name: bfp_sn_rt_8b2087b102c9e3e5ffed1c1478ed8b78 Value: 1604931905043
.securityaffairs.co/	1970-01-20 07:20:03	Name: _ga Value: GA1.2.2088939211.1604931904
.securityaffairs.co/	1970-01-19 13:48:51	Name: _gat Value: 1
securityaffairs.co/	1969-12-31 23:59:59	Name: hbcm_sd Value: 1%7C1604931904761
.securityaffairs.co/	1970-01-19 13:50:18	Name: _gid Value: GA1.2.52806587.1604931904
securityaffairs.co/	1970-01-19 13:48:53	Name: session_depth Value: securityaffairs.co%3D1%7C733976884%3D1%7C829833831%3D1%7C184323154%3D1%7C647633027%3D1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

87132910b9c6a19ee7061d955a2f044d.safeframe.googlesyndication.com
acdn.adnxs.com
ads.pubmatic.com
adserver-us.adtech.advertising.com
adservetx.media.net
adservice.google.com
adservice.google.de
apex.go.sonobi.com
bh.contextweb.com
bid.contextweb.com
buttons-config.sharethis.com
c.sharethis.mgr.consensu.org
c1.adform.net
cdn.pixfuture.com
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
dt.clnmde.com
dt6.clnmde.com
eu-u.openx.net
fonts.googleapis.com
google-analytics.com
googleads.g.doubleclick.net
gum.criteo.com
hblg.media.net
hbopenbid.pubmatic.com
i0.wp.com
i1.wp.com
i2.wp.com
ib.adnxs.com
ice.360yield.com
l.sharethis.com
lg3.media.net
match.adsrvr.org
maxcdn.bootstrapcdn.com
navvy.media.net
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
prebid.mgid.com
pxlclnmdecom-a.akamaihd.net
qsearch-a.akamaihd.net
secure.gravatar.com
securepubads.g.doubleclick.net
securityaffairs.co
served-by.pixfuture.com
stats.wp.com
sync.1rx.io
sync.go.sonobi.com
sync.mathtag.com
sync.targeting.unrulymedia.com
tpc.googlesyndication.com
ws.sharethis.com
www.google-analytics.com
www.googletagservices.com
x.bidswitch.net
fonts.googleapis.com
104.19.134.78
104.84.56.24
104.90.192.189
151.101.113.108
172.217.22.66
178.162.133.149
178.162.133.150
18.158.102.26
185.29.135.42
185.31.128.129
185.33.221.13
185.64.189.112
192.0.76.3
192.0.77.2
198.148.27.133
198.148.27.140
2.16.186.66
2001:4de0:ac19::1:b:2b
2001:8d8:100f:f000::289
213.19.147.150
216.58.212.162
23.210.249.92
2600:1f18:42df:3a00:12da:42aa:e6d2:7a87
2600:9000:20eb:8000:c:abe:f440:93a1
2600:9000:20eb:8e00:3:c04e:c780:93a1
2600:9000:2190:7400:1c:8a07:5e80:93a1
2600:9000:2190:b600:c:a9b7:ddc0:93a1
2606:2800:233:97b6:26be:138a:cba8:bb01
2606:4700:20::681a:a9c
2a00:1450:4001:800::2001
2a00:1450:4001:801::2001
2a00:1450:4001:801::2002
2a00:1450:4001:802::2004
2a00:1450:4001:803::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:81a::200e
2a00:1450:4001:81f::2002
2a02:2638::1c
2a03:2880:f01c:8012:face:b00c:0:3
2a04:fa87:fffe::c000:4902
3.121.118.243
34.196.9.135
35.244.159.8
37.157.6.245
52.48.46.226
52.57.230.211
54.153.104.139
68.183.31.14
92.122.188.41
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
01a15643fbfd8ef3298e03c1e28adcb14ac074a9abb37c6f25a8840824a2d507
04425238d31ae01bde720f79e8804ec8b39ed173216f7dd72419bf11b5121022
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
093fa1b3be5a5ed806dc8873e932ce049231b1b9bab39fb85e63ab8229d57c0b
0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
131388da120ce67d1568126f80a9963eacd1aa6c87ce8bfbd200fc95970c98fa
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
177d76801bdbecdb0d27109e118ae54a929156deac8ca44b46924a5c0f43cd7a
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1b57c7c5d11c85cba3600f0c3289c9b85cd9efa03374655f1967b32588378f87
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
22f38713e3cb086adc05ce7b3f126b1a3c18d0bd120bafd17c85117de81741b8
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
24583638f8c4bd2d5dff22bddefbb24f8d047868e71ad2c029b1698b6926c85c
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2cc89c3da76fd4c0946e9b04449529037989c7d3474321103c21e3733e6733ad
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
3f3f53c7df181558954a6042ad944d1e41bd95c2dfe3a8f1e0429b2062b9cbfe
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
47a084426d419f43b538adfc46d2b8b50e0bb4e7d3ae1794676031e55be9c270
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
554d0469dde9956750ad1911c1396472421bfeb5698a7233bb8ffe528da96a8c
56159a7fa211c042c8da7005984653715f938917383f74292247f7b271469fb6
59c07ad5c2d56ddc220db55646f846b5dff3342cd04b076793335d009c8183e0
60703938a4092034ac398dac0d2cdc29dc7633200013f7d1bd93b4d5834f41b6
618cf25968659ae00e9ca14d4657708de0b877d9eabdf3bcb549e8c1506780fb
63887511de2844bdf198ee78040bc15b4425a39950ecf0ea317155525e98c379
643a860832456b5a74825b79d625434b5c4c2a344b8f9bef3614b327bea52646
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
6828f1bdae5c7b89d801df314049a2d65159a4284ee530e5c848a153eadf8c87
6d7d8b5166693d824356fd913840d94a4e76e9377f67035401b01c5ed1d23362
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce
78623d1c1b389318ef86cc8c6125f0548fcf0eec68cc79a508d7ca6143072a87
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7b420ad439dadbbbc88cef506a6e2ea73c331178f08f984c6b230cec7ac66a04
8095a4e6a6bde1923548e322ec829f77c084bd89b473613d85184d241e4a8f5a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
846cba34fc928290d11782bcb469204abc75a94f1840b520488638ccf07f8b1e
872a7aff33d0ab19ad32920896a285cf2375827b1a15f99247eaa7df1d291a09
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
903ce9b6f8ccaab71d7136e6f2d0a63cd8a189a1bf76c5466aeb3764ba48602e
936c3e0cfba7a07ab55be383aeca9d39dcde7b4e9cddbfd973f78e34d3cc7078
949a74d5c9b30adeb638aed4ee5d24f5249c15761f8e82451fe0e9966a978324
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9b5b9b8b1984a7b55656ca3d243deb436e049467353f6e61e73ac8bd0ab2a636
9ec9a8bba6033a826d008ae08eb131a0e9f4f8699615d2a0b0998069ca415a75
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
abc6a3677d9cf550a5f52211b5f6f5e3440dc7bb8c2fed463607c82e7ab58449
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b2b347c58c89853494ea4063efb43a3c48bcc3f93e6d0cd49ebbab4d69294616
b3c067874311b0e0826604e43f39884972f14f61c0f3d965086496a7bfd463d1
b67b0772cddf8915ec85788e361a4331fbdcc4bcf7656b9d6aa4299b5b470f9e
b834a80037718e3da7f92199034dc59611ed774af41f1e84fa1e0d97c4261192
b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
bff72ff19963fb873cb8248c567f746a096cf4bd4999f0ec160742f88d1df0b3
c22b0e2c4777fc1e56c64d8e4b2501069c3addae0a9c11c4795ebe4d22ca851f
c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c8817bacfc84fd39e4daec4096011ed3d117c7fe8b3c55fdd22af47c299099bc
ca435c33acbc343c9a3db08401ea0b95c724474a8deea44bb6cce17b005739a9
cc93088d94bf31e9a15b335fdd7bf6969b7f08e1a0c3571e15481014eeb0ee7b
cdb399f8da99653cf6f6480f958c4e6740c116d1807e531a08e915c832e4031d
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d0f54fc7ceba0a3a87836b41b32f92c4410ebbe24f096687ecd267436c2878c7
d24350e3a8c6e3963544189c3d0cfcd8c11e5dbac0de76aace83993b7d16dcf6
d44b68c7b3e659196a6a72662f4e2e903044d6e64a6a5c0002602711cd68a8fa
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb
da964f62d626d1d0d8a931e4fa1d5e21c7e755ba4d152bffd3532ea611024fb6
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
dbe496df58637637fcddcd37377b4d2094eb2557c9d595e23b0c79b23ad8fb1a
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e3615bf76fc1c571a93f8e97480a71b8371049f3d3dee83ced8c6d2f9bb62eb2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
ea0f5d6f76c2280afc4a467dae93d8fa36d1ce6c8ce491dde0c9203a6269dd23
ee657fa9cbe48aeeda44b31ed4ae2ca1d021a82e301e36a456eafb7c8dda7fb7
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f0d3d5e8244dc1528570498005e8b963908ad2efe06639f7fb3bfaeec5a10daa
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4d4eda42f85c6ccbbb5de2aff596085b3b1d380c8585464f2e53df2cad66f8e
f51dca24bab78f0440feb96638dcb951fdb5e2ef6b80f201bd7636a80096d253
f58b1701ba7fcf6fb74d840cb8a4c97f4efb95d472df04a71eb7d43b2595b94f
f7de5c5dc312f8acafd60014578219e0866db1cec0bd90482c8b6e4e49137d04
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fa69e3130c45adc1cc943859b9db57f3917d48120ad366d480d15dd742e5a843
fd163655788c9c08b09b6606801711c47d88613e0a0e73d89ffabb16d6b3820a
fec6411c0449c2f2b631cdb40900e968c49501f4e92e7b12e75e1e1bc6ed2813
ff660368b0ed9c7d71ca4acc7178764ba4a016dc8f2d1611dd0922a90af711c2

securityaffairs.co Open in urlscan Pro 2001:8d8:100f:f000::289 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

207 Requests

98 %HTTPS

41 %IPv6

35 Domains

59 Subdomains

44 IPs

8 Countries

3414 kBTransfer

5836 kBSize

19 Cookies

13 Outgoing links

Redirected requests

207 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Screenshot
Live screenshot

Full Image

207
Requests

98 %
HTTPS

41 %
IPv6

35
Domains

59
Subdomains

44
IPs

8
Countries

3414 kB
Transfer

5836 kB
Size

19
Cookies

207 HTTP transactions
8 data transactions