blog.eclecticiq.com Open in urlscan Pro
199.60.103.225 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-a...
Submission: On November 27 via api (November 27th 2024, 11:09:42 am UTC) from IN — Scanned from US

Summary HTTP 137 Redirects Links 73 Behaviour Indicators

Summary

This website contacted 44 IPs in 5 countries across 29 domains to perform 137 HTTP transactions. The main IP is 199.60.103.225, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare London, LLC, US. The main domain is blog.eclecticiq.com.
TLS certificate: Issued by WE1 on November 8th 2024. Valid for: 3 months.

This is the only time blog.eclecticiq.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
34	199.60.103.225 199.60.103.225	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare London)
2	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
1 1	23.201.184.101 23.201.184.101	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:141b:1c0... 2600:141b:1c00:6::17df:d10d	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
16	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700:440... 2606:4700:4400::ac40:97a6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4006:821::2008	15169 (GOOGLE) (GOOGLE)
4	31.13.80.12 31.13.80.12	32934 (FACEBOOK) (FACEBOOK)
3	151.101.44.157 151.101.44.157	54113 (FASTLY) (FASTLY)
3	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9310	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8c11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6813:afbc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:f46c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:141b:b00... 2600:141b:b000::173b:fbd0	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	142.251.40.168 142.251.40.168	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:33::10 2620:1ec:33::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.33.252.108 13.33.252.108	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:8cd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:24f... 2600:9000:24f0:1000:c:7d55:b3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2620:1ec:bdf::40 2620:1ec:bdf::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.164.96.5 18.164.96.5	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:809::200e	15169 (GOOGLE) (GOOGLE)
3	142.251.32.98 142.251.32.98	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:821::2002	15169 (GOOGLE) (GOOGLE)
4	172.217.165.132 172.217.165.132	15169 (GOOGLE) (GOOGLE)
2	162.159.140.229 162.159.140.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.164.96.87 18.164.96.87	16509 (AMAZON-02) (AMAZON-02)
1	3.126.133.169 3.126.133.169	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:823::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c09::9c	15169 (GOOGLE) (GOOGLE)
3	172.217.165.142 172.217.165.142	15169 (GOOGLE) (GOOGLE)
2	31.13.80.36 31.13.80.36	32934 (FACEBOOK) (FACEBOOK)
4	23.96.124.156 23.96.124.156	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	20.110.205.119 20.110.205.119	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.128.9.227 108.128.9.227	16509 (AMAZON-02) (AMAZON-02)
137	44

34 199.60.103.225 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US)

blog.eclecticiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
go.eclecticiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.201.184.101 (United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-201-184-101.deploy.static.akamaitechnologies.com

cloud.typography.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:6::17df:d10d (Secaucus, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:4400::ac40:97a6 (United States)

ASN13335 (CLOUDFLARENET, US)

cookie-cdn.cookiepro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:821::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 31.13.80.12 (Toronto, Canada)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-yyz1.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.44.157 (San Francisco, United States)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9310 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8c11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:afbc (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f46c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:b000::173b:fbd0 (Newark, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.168 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:33::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.33.252.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-252-108.jfk50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8cd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:24f0:1000:c:7d55:b3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.96.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-5.jfk50.r.cloudfront.net

serve.albacross.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:809::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.32.98 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:821::2002 (United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.165.132 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s70-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.159.140.229 (None, )

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.96.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-87.jfk50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.133.169 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-133-169.eu-central-1.compute.amazonaws.com

eclecticiq.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:823::200e (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c09::9c (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.165.142 (United States)

ASN15169 (GOOGLE, US)
PTR: lax30s03-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.13.80.36 (Toronto, Canada)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-yyz1.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.96.124.156 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

w.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.110.205.119 (Boydton, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.9.227 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-9-227.eu-west-1.compute.amazonaws.com

new-collect.albacross.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	eclecticiq.com blog.eclecticiq.com go.eclecticiq.com	390 KB
19	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 14744 js.hubspot.com — Cisco Umbrella Rank: 3653 app.hubspot.com — Cisco Umbrella Rank: 5921 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3677 track.hubspot.com — Cisco Umbrella Rank: 2477 forms.hubspot.com — Cisco Umbrella Rank: 6196	52 KB
8	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 td.doubleclick.net — Cisco Umbrella Rank: 182 stats.g.doubleclick.net — Cisco Umbrella Rank: 135	8 KB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 625 w.clarity.ms — Cisco Umbrella Rank: 8046 c.clarity.ms — Cisco Umbrella Rank: 1269	31 KB
8	cookiepro.com cookie-cdn.cookiepro.com — Cisco Umbrella Rank: 9092	123 KB
8	linkedin.com 4 redirects platform.linkedin.com — Cisco Umbrella Rank: 3945 px.ads.linkedin.com — Cisco Umbrella Rank: 333 www.linkedin.com — Cisco Umbrella Rank: 676 px4.ads.linkedin.com — Cisco Umbrella Rank: 7032	166 KB
6	google.com www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 142	192 B
6	hsforms.com forms-na1.hsforms.com — Cisco Umbrella Rank: 7269 perf.hsforms.com — Cisco Umbrella Rank: 16907 perf-na1.hsforms.com — Cisco Umbrella Rank: 3819	6 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	536 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	22 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 359 c.bing.com — Cisco Umbrella Rank: 205	16 KB
4	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1634 analytics.twitter.com — Cisco Umbrella Rank: 991	28 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	151 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 888 script.hotjar.com — Cisco Umbrella Rank: 1185	67 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	212 B
2	t.co t.co — Cisco Umbrella Rank: 904	1 KB
2	albacross.com serve.albacross.com — Cisco Umbrella Rank: 87101 new-collect.albacross.com — Cisco Umbrella Rank: 76514	5 KB
2	matomo.cloud cdn.matomo.cloud — Cisco Umbrella Rank: 17022 eclecticiq.matomo.cloud	40 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	41 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	19 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2580	1 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1016	16 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3690	821 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 514	306 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2358	25 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5955	92 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2343	26 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3341	3 KB
1	typography.com 1 redirects cloud.typography.com — Cisco Umbrella Rank: 9685	460 B
137	29

	Domain	Requested by
33	blog.eclecticiq.com	blog.eclecticiq.com cookie-cdn.cookiepro.com
8	track.hubspot.com
8	cookie-cdn.cookiepro.com	blog.eclecticiq.com cookie-cdn.cookiepro.com
6	www.googletagmanager.com	blog.eclecticiq.com js.hsadspixel.net www.googletagmanager.com
6	no-cache.hubspot.com	blog.eclecticiq.com
5	px.ads.linkedin.com	3 redirects snap.licdn.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com blog.eclecticiq.com
4	w.clarity.ms	www.clarity.ms
4	www.google.com	www.googletagmanager.com blog.eclecticiq.com
4	td.doubleclick.net	www.googletagmanager.com
4	connect.facebook.net	blog.eclecticiq.com connect.facebook.net
3	googleads.g.doubleclick.net	www.googletagmanager.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com blog.eclecticiq.com
3	perf.hsforms.com	blog.eclecticiq.com
2	c.clarity.ms	1 redirects
2	www.facebook.com	blog.eclecticiq.com
2	analytics.google.com	www.googletagmanager.com
2	analytics.twitter.com	blog.eclecticiq.com
2	t.co	blog.eclecticiq.com
2	www.clarity.ms	blog.eclecticiq.com www.clarity.ms
2	static.hotjar.com	www.googletagmanager.com blog.eclecticiq.com
2	snap.licdn.com	js.hsadspixel.net snap.licdn.com
2	forms-na1.hsforms.com	blog.eclecticiq.com
2	cta-service-cms2.hubspot.com	blog.eclecticiq.com js.hubspot.com
2	platform.twitter.com	blog.eclecticiq.com platform.twitter.com
2	cdn.jsdelivr.net	blog.eclecticiq.com
1	new-collect.albacross.com
1	forms.hubspot.com	js.hsleadflows.net
1	c.bing.com	1 redirects
1	stats.g.doubleclick.net	www.googletagmanager.com
1	eclecticiq.matomo.cloud	cdn.matomo.cloud
1	script.hotjar.com	static.hotjar.com
1	px4.ads.linkedin.com	blog.eclecticiq.com
1	www.linkedin.com	1 redirects
1	serve.albacross.com	www.googletagmanager.com
1	cdn.matomo.cloud	blog.eclecticiq.com
1	js.hs-scripts.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	perf-na1.hsforms.com	blog.eclecticiq.com
1	api.hubapi.com	js.hsadspixel.net
1	geolocation.onetrust.com	cookie-cdn.cookiepro.com
1	app.hubspot.com	blog.eclecticiq.com
1	js.hs-analytics.net	blog.eclecticiq.com
1	js.hsleadflows.net	blog.eclecticiq.com
1	js.hs-banner.com	blog.eclecticiq.com
1	js.hsadspixel.net	blog.eclecticiq.com
1	js.hubspot.com	blog.eclecticiq.com
1	platform.linkedin.com	blog.eclecticiq.com
1	go.eclecticiq.com	blog.eclecticiq.com
1	cloud.typography.com	1 redirects
137	50

This site contains links to these domains. Also see Links.

Domain
www.eclecticiq.com
github.com
cti.eclecticiq.com
www.infosecurity-magazine.com
sprinto.com
unit42.paloaltonetworks.com
aag-it.com
www.proofpoint.com
www.idagent.com
www.verizon.com
www.bleepingcomputer.com
twitter.com
www.linkedin.com
eclecticiq.bamboohr.com
support.eclecticiq.com
www.cookiepro.com

Subject Issuer	Validity	Valid
blog.eclecticiq.com WE1	`2024-11-08` - `2025-02-06`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-03-29` - `2025-03-28`	a year	crt.sh
hubspot.com WE1	`2024-10-03` - `2025-01-01`	3 months	crt.sh
cookiepro.com WE1	`2024-11-25` - `2025-02-23`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-09-05` - `2024-12-04`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-24` - `2025-07-25`	a year	crt.sh
hsadspixel.net WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
hs-banner.com WE1	`2024-11-22` - `2025-02-20`	3 months	crt.sh
hsleadflows.net WE1	`2024-11-27` - `2025-02-25`	3 months	crt.sh
hs-analytics.net WE1	`2024-10-07` - `2025-01-05`	3 months	crt.sh
geolocation.onetrust.com WE1	`2024-10-11` - `2025-01-09`	3 months	crt.sh
hsforms.com WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
hubapi.com WE1	`2024-11-07` - `2025-02-05`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 03	`2024-09-16` - `2025-03-15`	6 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
hs-scripts.com WE1	`2024-11-24` - `2025-02-22`	3 months	crt.sh
cdn.matomo.cloud Amazon RSA 2048 M02	`2024-09-25` - `2025-10-23`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2024-09-04` - `2025-09-04`	a year	crt.sh
*.albacross.com Amazon RSA 2048 M03	`2024-05-24` - `2025-06-22`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
t.co E6	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-07` - `2025-10-06`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
*.matomo.cloud Amazon RSA 2048 M02	`2024-05-21` - `2025-06-19`	a year	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513
Frame ID: 6C6BCB9E5F1EE624FD24DD3D5575A64F
Requests: 135 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.eclecticiq.com
Frame ID: 09954F48B3A1A8EA731E6F04DCA371F0
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/961512488?random=1732705774488&cv=11&fst=1732705774488&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z871624837za201&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&hn=www.googleadservices.com&frm=0&tiba=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: E1990464AD9AF3BD951A9EBB842B4A8A
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Fblog.eclecticiq.com
Frame ID: CFD08BEC3D6FF7640B426EC920B7FAF6
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/961512488?random=1732705774580&cv=11&fst=1732705774580&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bk0za200zb71624837&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&hn=www.googleadservices.com&frm=0&tiba=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1328429672.1732705775&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 65598ABDEBFE76687460950CFEFC9DE0
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/961512488?random=1732705774730&cv=11&fst=1732705774730&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z871624837za201&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&hn=www.googleadservices.com&frm=0&tiba=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1328429672.1732705775&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: DD144C6443D344CA7BCD45372C7303FA
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-R78SQ447KS&gacid=114135273.1732705775&gtm=45je4bk0v878467757z871624837za200zb71624837&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=914412513
Frame ID: 7B04B00FF2C592E7F98C59BA2D53D8EC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Financially Motivated Threat Actor Leveraged Google Docs and Weebly Services to Target Telecom and Financial Sectors

Detected technologies

Alpine.js (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

/alpine(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

137
Requests

98 %
HTTPS

53 %
IPv6

29
Domains

50
Subdomains

44
IPs

5
Countries

1947 kB
Transfer

5919 kB
Size

48
Cookies

73 Outgoing links

These are links going to different origins than the main page.

URL: https://www.eclecticiq.com/about
Title: About EclecticIQ

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/search
Title: Search

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/platform
Title: Overview

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/intelligence-at-the-core
Title: Intelligence at the core

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/products
Title: Products

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/packages
Title: Packages

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/ecosystem
Title: Ecosystem Support

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/services
Title: Services

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/academy
Title: Academy

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/solutions
Title: Overview

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/solutions#team
Title: By Team

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/solutions#need
Title: By Need

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/partners
Title: Our Partnerships

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/partners/become-partner
Title: Partner Program

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/resources
Title: Resources

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/the-cyber-threat-intelligence-maturity-path
Title: CTI Maturity Path

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/take-action-with-cti
Title: Take Action with CTI

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/stix-taxii
Title: What is STIX and TAXII?

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/open-source
Title: Open Source Projects

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/investor
Title: Investors & Board

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/news
Title: Press Releases

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/in-the-news
Title: In the News

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/events
Title: Events

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/awards
Title: Awards

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/offices
Title: Offices & Teams

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/packages/cti
Title: TIP for CTI Power your CTI practice with analyst-centric threat intelligence solutions.

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/packages/soc
Title: TIP for SOC Go beyond the IOC to augment your SOC in defense of your organization.

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/products/intelligence-center
Title: Intelligence Center

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/products/threat-scout
Title: Threat Scout

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/products/curated-feeds
Title: Curated Feeds

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/solutions/team/cti
Title: For CTI Teams Provide your CTI team with the automation, performance, flexibility, and integrations needed to supercharge their CTI operations with our range of analyst-centric products and services.

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/solutions/team/soc
Title: For SOC Teams Enable your SOC team to better operationalize threat intelligence for more effective and efficient incident response with our range of analyst-centric management products and services.

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/solutions/need/situational-awareness
Title: For Situational Awareness Improve your situational awareness and mitigate risk with our collection of analyst-centric threat intelligence products and services.

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/solutions/need/collaboration-dissemination
Title: For Collaboration & Dissemination Operationalize threat intelligence for more effective and efficient incident response with our range of analyst-centric management products and services.

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/resources?type=white-paper
Title: White Papers

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/resources?type=product-description
Title: Product Descriptions

Search URL Search Domain Scan URL

URL: https://github.com/eclecticiq
Title: EclecticIQ on GitHub

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/Figure%201.png

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/Figure%202.png

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/Figure%203.png

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/Figure%204.png

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/Figure%205.png

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/Figure%206.png

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/Figure%207.png

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/Figure%208.png

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/Figure%209.png

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/Figure%2010.png

Search URL Search Domain Scan URL

URL: https://cti.eclecticiq.com/taxii/discovery

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/public-feed-manual
Title: support page

Search URL Search Domain Scan URL

URL: https://www.infosecurity-magazine.com/blogs/threat-targeting-cloud-services/
Title: https://www.infosecurity-magazine.com/blogs/threat-targeting-cloud-services/

Search URL Search Domain Scan URL

URL: https://sprinto.com/blog/phishing-statistics/
Title: https://sprinto.com/blog/phishing-statistics/

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/platform-abuse-phishing/
Title: https://unit42.paloaltonetworks.com/platform-abuse-phishing/

Search URL Search Domain Scan URL

URL: https://aag-it.com/the-latest-phishing-statistics/
Title: https://aag-it.com/the-latest-phishing-statistics/

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/resources/threat-reports/state-of-phish
Title: https://www.proofpoint.com/us/resources/threat-reports/state-of-phish

Search URL Search Domain Scan URL

URL: https://www.idagent.com/blog/phishing-as-a-service-phaas/
Title: https://www.idagent.com/blog/phishing-as-a-service-phaas/

Search URL Search Domain Scan URL

URL: https://www.verizon.com/about/account-security/sim-swapping
Title: https://www.verizon.com/about/account-security/sim-swapping

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/massive-phishing-campaign-uses-6-000-sites-to-impersonate-100-brands/
Title: https://www.bleepingcomputer.com/news/security/massive-phishing-campaign-uses-6-000-sites-to-impersonate-100-brands/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors&text=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&via=EclecticIQ

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors&title=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&source=eclecticiq.com

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/privacy
Title: Privacy Notice

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/services/professional-services/threat-intelligence-consultants
Title: Threat Intelligence Consultants

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/resources?type=white-paper#overview
Title: White Papers

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/resources?type=threat-intelligence-report#overview
Title: Threat Intelligence Reports

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/resources?type=product-description#overview
Title: Product Descriptions

Search URL Search Domain Scan URL

URL: https://eclecticiq.bamboohr.com/careers
Title: Join the Team

Search URL Search Domain Scan URL

URL: https://support.eclecticiq.com/
Title: Customer Support

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/impressum
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/cookie-notice
Title: Cookie Notice

Search URL Search Domain Scan URL

URL: https://www.eclecticiq.com/code-of-conduct
Title: Code of Conduct

Search URL Search Domain Scan URL

URL: https://twitter.com/eclecticiq

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/eclecticiq

Search URL Search Domain Scan URL

URL: https://www.cookiepro.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://cloud.typography.com/6857996/6625032/css/fonts.css HTTP 302
https://go.eclecticiq.com/hubfs/_system/fonts/823623/865C3A0CD95813ABE.css

Request Chain 103

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39867&time=1732705774838&li_adsId=f5fc5fba-a6c9-40e3-99fc-962ba9f0d1c8&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39867&time=1732705774838&li_adsId=f5fc5fba-a6c9-40e3-99fc-962ba9f0d1c8&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39867%26time%3D1732705774838%26li_adsId%3Df5fc5fba-a6c9-40e3-99fc-962ba9f0d1c8%26url%3Dhttps%253A%252F%252Fblog.eclecticiq.com%252Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%253Fhss_channel%253Dtw-2469058513%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39867&time=1732705774838&li_adsId=f5fc5fba-a6c9-40e3-99fc-962ba9f0d1c8&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39867&time=1732705774838&li_adsId=f5fc5fba-a6c9-40e3-99fc-962ba9f0d1c8&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&cookiesTest=true&liSync=true&e_ipv6=AQJq2ky6bpnT4QAAAZNtT_AMRbA0_zuU78JkzChk5xIvgT2AGRvJ8C6CiCcVZziqdim12g

Request Chain 133

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=70ADC5E1A6CE4C0EA2B354604CBF8A3C&RedC=c.clarity.ms&MXFR=0752D8C2628E68FC037ACD86668E6622 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=70ADC5E1A6CE4C0EA2B354604CBF8A3C&MUID=2414205E32AB61C10ED1351A330C6067

137 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors Show response
blog.eclecticiq.com/ 182 KB
26 KB 527ms
410ms Document
text/html 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abd96e35625aaa0d926661ee8fb009afb3df4cd14bd586090196ace4c7950d3e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-183055953041,CG-5888282128,P-2831317,CW-41355437421,CW-43177601357,CW-43268278086,CW-47075546374,E-41352775774,E-41355319574,E-41392089753,E-41400026625,E-44851601747,E-44893252747,E-45250295658,E-46859996465,E-47075831993,E-48138327621,E-48253907595,E-48254175782,E-48254494874,E-48254541730,E-48256330053,E-48257056615,MENU-44896323488,MENU-46861255345,MENU-46943795622,MENU-46947470646,RA-123343345697,RA-44851235629,RA-45557110309,RA-46477177713,RA-47367389799,RA-47367595682,RA-47367595683,PGS-ALL,SW-1,B-5888282128,GC-47009761863,GC-47075974728
cf-cache-status: HIT
cf-ray: 8e91aaa38ed9747a-MIA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Wed, 27 Nov 2024 11:09:32 GMT
edge-cache-tag: CT-183055953041,CG-5888282128,P-2831317,CW-41355437421,CW-43177601357,CW-43268278086,CW-47075546374,E-41352775774,E-41355319574,E-41392089753,E-41400026625,E-44851601747,E-44893252747,E-45250295658,E-46859996465,E-47075831993,E-48138327621,E-48253907595,E-48254175782,E-48254494874,E-48254541730,E-48256330053,E-48257056615,MENU-44896323488,MENU-46861255345,MENU-46943795622,MENU-46947470646,RA-123343345697,RA-44851235629,RA-45557110309,RA-46477177713,RA-47367389799,RA-47367595682,RA-47367595683,PGS-ALL,SW-1,B-5888282128,GC-47009761863,GC-47075974728
last-modified: Wed, 27 Nov 2024 11:09:27 GMT
link: </hs/hsstatic/content-cwv-embed/static-1.1293/embed.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D0yKhI0tAgj2JYKxAH6HkArOryJaEIz2ZyG8vdMnpQigPMu3SkGjI0oAvmIaSBF1bBPTCkzM1emYsn7TlP7I%2BmWyj59HJHq3SbehRE5bj%2BEy%2FKyPn9xgPmV5DvzVM5bR6OqvVC4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfExtPri
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 272
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-10-19-td/envoy-proxy-55cf57c567-sz69w
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-campaign-id: 6148adfa-5476-4f80-947a-c18923129d67
x-hs-content-id: 183055953041
x-hs-hub-id: 2831317
x-hubspot-correlation-id: 45868e74-0098-483d-8806-c04f202416a6
x-request-id: 45868e74-0098-483d-8806-c04f202416a6

GET
H3 200 embed.js Show response
blog.eclecticiq.com/hs/hsstatic/content-cwv-embed/static-1.1293/ 13 KB
5 KB 59ms
57ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"f667e53d5752ee2e5759f3dfaf20d330"
age: 1280001
x-amz-version-id: AFGFBaAC1397GFbOapH2DRIkjQ_NaZzY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jzP2XvXdBtrWdzzwjrxln0Jr4%2BSRWfqHIfSQq8SmG7Iqp%2F80aRKkajv2I%2FOtDcnwCLJIM3aORHXjJZWJTJyvDRmyXTyWBIkjtWlAXlQQ45s9IMmwdzsMpI7CEr%2B%2BXQhaZih7qWU%3D"}],"group":"cf-nel","max_age":604800}
expires: Thu, 27 Nov 2025 11:09:32 GMT
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: SMOqEuZRrEsypA-F0ZJnMjv8Wha71yjtcp_zKDRMLAI4ML-JQkjjyw==
date: Wed, 27 Nov 2024 11:09:32 GMT
content-type: application/javascript
last-modified: Mon, 23 Sep 2024 19:59:06 GMT
vary: accept-encoding
priority: u=1,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 15167ef85a9fc2764e4d5ca36adfffde.cloudfront.net (CloudFront)
cf-ray: 8e91aaa6392a747a-MIA
x-amz-cf-pop: MIA3-P8
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 project.js Show response
blog.eclecticiq.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 60ms
56ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"61ca66de658cab9587e4636894680d5d"
age: 261563
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YLdGetv%2BU8q%2B7RybCZ2Vh%2FSSvtrgCgzxbdxHBGxlsQbL6Kzq3L9w2U97YrmniBk5qU3CLCSzuP1CUBAstb2mPTsVjxov%2Bc6ksFevD4B%2FMh55Y9xDBWD%2B0guaPVV2FkW%2BkVz910Y%3D"}],"group":"cf-nel","max_age":604800}
expires: Thu, 27 Nov 2025 11:09:32 GMT
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: LH-JYInVf01hFJyzH2_HbHDfyJ_0PtaXqvFQbMrqQ79tzPmp1VGiRw==
date: Wed, 27 Nov 2024 11:09:32 GMT
content-type: application/javascript
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
vary: accept-encoding
priority: u=1,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 873ea86a53e828bcd9ffd511bda586c8.cloudfront.net (CloudFront)
cf-ray: 8e91aaa64930747a-MIA
x-amz-cf-pop: MIA3-P8
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 v2.js Show response
blog.eclecticiq.com/_hcms/forms/ 484 KB
161 KB 89ms
85ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-request-id: 726cf459-d55f-487c-9fcc-5aa7e8199dc6
content-encoding: br
cf-cache-status: HIT
etag: W/"53fa063fb1734ce6bb187c96e7665972"
age: 348
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-amz-version-id: kLVNDW8Ykh6K0rP5.B3EI30fJIwAAkz3
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BkCsntDnkiVdim%2F7FrJUTNprjCL0YrPwrsPGts9WxaFXOAHzj8QnUH%2F47etFltu9ReeJN8ak7jy%2B19yor9LP5mWvT3YI3hlqq%2Bleoaa5%2FzJLc5%2B2nfYdvp2NxKjHW%2BDPLr3R%2FfE%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 0MUsJ8vt0DIYGn3WUfj_cLDuYDRvxdEccypY5iFzI__mFn2x84Oxdw==
x-hubspot-correlation-id: 726cf459-d55f-487c-9fcc-5aa7e8199dc6
content-type: application/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 17:07:16 UTC
priority: u=1,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-d4m8q
x-envoy-upstream-service-time: 3
x-hs-target-asset: forms-embed/static-1.6227/bundles/project-v2.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Wed, 27 Nov 2024 11:09:32 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.6227/bundles/project-v2.js&cfRay=8e6a896761d4da7f-MIA
via: 1.1 58f689028f521999dd25fa234ad8a3f4.cloudfront.net (CloudFront)
cf-ray: 8e91aaa64933747a-MIA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD55-P7

GET
H2 200 index.min.js Show response
cdn.jsdelivr.net/gh/alpine-collective/alpine-magic-helpers@1.2.x/dist/ 33 KB
11 KB 109ms
31ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/alpine-collective/alpine-magic-helpers@1.2.x/dist/index.min.js

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

001d4aa7663bdc60c02f6d8d2d0d7b319bb3e744c66d4451f1341661371a4d70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"833c-Ahl8yrSqcUs+LkHaSZMXwR5FUvA"
age: 21508
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220091-FRA, cache-mia-kmia1760041-MIA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10578
x-jsd-version: 1.2.2

GET
H2 200 alpine.min.js Show response
cdn.jsdelivr.net/gh/alpinejs/alpine@v2.x.x/dist/ 26 KB
8 KB 31ms
30ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.x.x/dist/alpine.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dfbc6f14aa1ece087d34da8e25c9bc329b4a6d3757f87748ca4b5319c8a01d7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"6969-PYk6WU7wXAXPX7qrRZSTVytMicQ"
age: 42817
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230038-FRA, cache-mia-kmia1760041-MIA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 8356
x-jsd-version: 2.8.2

GET
H3 200 styles.min.css
blog.eclecticiq.com/hs-fs/hub/2831317/hub_generated/template_assets/41355319574/1710492944740/eclecticiq/assets/css/ 55 KB
14 KB 63ms
60ms Stylesheet
text/css 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs-fs/hub/2831317/hub_generated/template_assets/41355319574/1710492944740/eclecticiq/assets/css/styles.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98b071a446b6ef9771d185dab1377c585fc94620136b4a891a00bb17ae9ed980

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-request-id: a31dac98-867e-49b8-b3f2-5d55a4065ed0
content-encoding: gzip
cf-cache-status: HIT
etag: W/"9dda24e4719fad56f5822035bddbec41"
age: 2918
x-amz-version-id: RGXWlaSjSsz0j5qQm30BvRMcwGHe_1vs
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qm1HLmxUKumLiqyG4Z%2BRzg3FExdngPyFNiBfn1uOW3I078nRALXXT6lk09UZ9rpkqmM9aXxHjLZ%2B7ZI7Sn4yuNagwnxDp7ZEX4WQJrhKGcy2Ay%2BTv7my2EHET7zWKY6RaAZBnWM%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 3uFSnAykIGZ4mADxwT4VQ96nhnCbitbpeTeaFB7tLbBXLpqvSf5NCQ==
x-hubspot-correlation-id: a31dac98-867e-49b8-b3f2-5d55a4065ed0
content-type: text/css
last-modified: Fri, 15 Mar 2024 08:55:46 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-zplxk
x-envoy-upstream-service-time: 202
x-amz-request-id: 04VNMAFN6C2H04PC
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 27 Nov 2024 11:09:32 GMT
vary: origin, Accept-Encoding
x-amz-id-2: lOOiXx+2zyUR+C4xy4t4Yi5uu04rJbmPhF4yXqBD7a2BkiKCVXvNiH4BFlpvyYI0XYrOdXZSDujRTyGDeje+oi2FPSA7AjN0lniMxdf9T7M=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.eclecticiq.com
access-control-allow-credentials: false
via: 1.1 64c95802ff188dd41dd32c313bef089c.cloudfront.net (CloudFront)
cf-ray: 8e91aaa64935747a-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1710492945641

GET
H3

200

865C3A0CD95813ABE.css
go.eclecticiq.com/hubfs/_system/fonts/823623/
Redirect Chain

https://cloud.typography.com/6857996/6625032/css/fonts.css
https://go.eclecticiq.com/hubfs/_system/fonts/823623/865C3A0CD95813ABE.css

115 KB
87 KB

173ms
71ms

Stylesheet
text/css

199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://go.eclecticiq.com/hubfs/_system/fonts/823623/865C3A0CD95813ABE.css

Requested by

Protocol

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa8c44d6e0594921a365b69aa84bc6d026445b51b67a5c0d9afd369b663216f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
content-encoding: br
cf-cache-status: HIT
etag: W/"3198a5ad00b29a67f6ca5ad09cb2dd3f"
age: 84890
cache-tag: F-49247405579,FD-49247405476,P-2831317,FLS-ALL
x-amz-version-id: XsW5I89YEsjWvza2BdI7wGVaMwRDppur
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SHZn%2FGbXekYr7fmxBtzhEajSys%2Bzgy%2Bxh%2FMsjmbbeWLCZoKsWVvA2jebdegKlzcCUustKbO%2F%2FdGj2dwp1W3gSnTquVsoiGL%2Fr1Qp5ZISQjzeX6JJSV7tviSvnvqDGGs29e5O"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: CUJarlmJ5RgDCRBLO_EiKb7cWZtlb_U-chHegJdWeZyAo7xDXbG2VQ==
content-type: text/css
last-modified: Tue, 22 Jun 2021 12:31:26 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: none
x-amz-replication-status: COMPLETED
edge-cache-tag: F-49247405579,FD-49247405476,P-2831317,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 4WT8JQW44E50VB5H
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-49247405579,FD-49247405476,P-2831317,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Wed, 27 Nov 2024 11:09:33 GMT
vary: Accept-Encoding
x-amz-id-2: SbfA3cNKMNYPGZAARHRWIW1ai8CwweLGDt/wtoX0SWM4hlaHaA8aXkcyfKo/QD0cRZlUOhcURfBOGiy2UAaCZg==
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 111ebfb08854e3536ddd29ae1254b43e.cloudfront.net (CloudFront)
cf-ray: 8e91aaa94cc39aec-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1624365053513

Redirect headers

Cache-Control: must-revalidate, private
Location: https://go.eclecticiq.com/hubfs/_system/fonts/823623/865C3A0CD95813ABE.css
ETag: "1ecf0b2be9ada47eaf298e758cbab35d:1624365115.577886"
Connection: keep-alive
Expires: Wed, 27 November 2024 11:09:32 GMT
X-HCo-pid: 19
Content-Length: 154
Date: Wed, 27 Nov 2024 11:09:32 GMT
Content-Type: text/html
Last-Modified: Tue, 22 Jun 2021 12:31:55 GMT
Server: AkamaiNetStorage

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 769ms
129ms Script
text/javascript 2600:141b:1c00:6::17df:d10d
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:6::17df:d10d Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Play /

Resource Hash

66c4915b482a45c23cb7d724fb26c2b1e819affee8367f7015ece86e6fcd5732

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: gzip
x-li-fabric: prod-ltx1
x-content-type-options: nosniff
expires: Wed, 27 Nov 2024 11:56:45 GMT
x-li-proto: http/1.1
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
x-cdn-client-ip-version: IPV6
x-li-pop: prod-lva1-x
cache-control: public, max-age=3600
x-cdn: AKAM
x-li-uuid: AAYn4tJWCzoEIzamfMdWRA==
content-length: 163630
x-li-source-fabric: prod-lva1
server: Play

GET
H2 200 e65cc8f4-762c-404c-9fab-eb19f6028e97.png
no-cache.hubspot.com/cta/default/2831317/ 2 KB
3 KB 190ms
102ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/2831317/e65cc8f4-762c-404c-9fab-eb19f6028e97.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

400f7fabe28b89834e86df85044f49cef21301f0efc25027db3e5bbec38b855c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cf-cache-status: DYNAMIC
etag: "1e2c3ebda50f14268d38abfa8efedc52"
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=engxI9dCh%2FlhOrBzi%2BoZNcIKBDswt%2B785EDRn3vvjltCn8015PZdJo4Ap8GjDaLSK11SD7axfgtzeT7hTB5LE%2BL61KA7HHegVb%2FRv6tlba2Dtw5CvU%2Bs2q%2F27cQcpyWeefXifzB47G92MrDnPZKCJPG7"}],"group":"cf-nel","max_age":604800}
date: Wed, 27 Nov 2024 11:09:32 GMT
content-type: image/png
last-modified: Tue, 25 May 2021 11:10:14 GMT
x-amz-id-2: 639rmsJHc6MNT0K9oyYxgb9ivb5wtUWTsyK3za8h8UKvyeW8A4kr7nG3uRhXLI5529GfP4SoMregPuilrFWANseuD5vds3E0YWGSYmbOyIE=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 2WNCY4BM9BZAGBMW
cf-ray: 8e91aaa6cb030a22-MIA
accept-ranges: bytes
content-length: 1701
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 current.js Show response
blog.eclecticiq.com/hs/cta/cta/ 19 KB
8 KB 72ms
70ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/cta/current.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19b8b7a969cd613a5f4af1598a649b33456bef5c22d09fe4a5c5459ab4fe50fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-request-id: 36f97516-477d-4ac8-9922-c1b1ade0264e
content-encoding: br
cf-cache-status: HIT
etag: W/"49dc870f22dc7e8bef174360be6097bc"
age: 569
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-amz-version-id: W9oj2sVh6Qn00LXbZPOqsSo8Yj5Mq5qt
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=69mNwl2L1nmXR146FDojnGBhFdGABxiuCdvSbYPIKVGyB3iJHDs09%2BGAhMeb0A5PtxHh8854tt%2FXvd2OGTS4RX2m%2BPM80iwIE79vmFshNdHxUu76Mb1ffiCgNEIr1iE8eyYoIM0%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Fjttw0py2zXm5UmARYYRcJBtR0WXAz1bQ1J6yt2r_Y2wsUi_RRbmAg==
x-hubspot-correlation-id: 36f97516-477d-4ac8-9922-c1b1ade0264e
content-type: application/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 17:05:01 UTC
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-5ddjq
x-envoy-upstream-service-time: 1
x-hs-target-asset: cta-embed-js/static-1.323/bundles/current.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Wed, 27 Nov 2024 11:09:32 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.323/bundles/current.js&cfRay=8e68b97fb5b2d64f-EWR
via: 1.1 a19665f18a5aa6d5d880b02630196f3e.cloudfront.net (CloudFront)
cf-ray: 8e91aaa64938747a-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD55-P7

GET
H3 200 logo.svg
blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/svg/ 31 KB
12 KB 54ms
54ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/svg/logo.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd4a801e15230cf2f68928e1d91f6608cbd2d3ae71a39cffed0a2a262d8aa821

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
content-encoding: br
cf-cache-status: HIT
etag: W/"9ee7a40155432019971cf97a89bc251c"
age: 970486
cache-tag: F-44851041957,FD-43108380224,P-2831317,FLS-ALL
x-amz-version-id: w39v04l4n.b_YG3VhQuNyPv3tqCRj_ZI
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uxGjQwnfFknA%2FaLC%2BFuTzqPg0syVfNUughs8lFgmqm3Hv3xAViI%2BnzEx0a2MFgTuFFwcKDJBjf2hZHAjtlGhbCRXpedngL71S%2FaKU9e%2F6qXo0EfSJd%2BHU4BRph1FRcAL3NKmlcc%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: KdMCR-ovKbURo4euU_2Dx-7o747L2tEDJvKzrpga1Adl6JO5xs1imA==
content-type: image/svg+xml
last-modified: Sun, 11 Apr 2021 10:09:56 GMT
priority: u=2,i
server-timing: cfExtPri
x-amz-meta-index-tag: none
x-amz-replication-status: COMPLETED
edge-cache-tag: F-44851041957,FD-43108380224,P-2831317,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: BBH6AM1EX4TZN9FA
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-44851041957,FD-43108380224,P-2831317,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Wed, 27 Nov 2024 11:09:32 GMT
vary: Accept-Encoding
x-amz-id-2: MwWT6Xgm+9L2sJCABCGApO/o1w9U4G0rrFVV7HU3sJylRfm9LBe2Fpe71Co/Sp6OLqv5UnvR21MXat/EmnB2FA==
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 19f81b125c62da79641b37663ddce94c.cloudfront.net (CloudFront)
cf-ray: 8e91aaa73a05747a-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1618135793361

GET
H2 200 c9479060-d14c-4615-a32b-0459a89d218c.png
no-cache.hubspot.com/cta/default/2831317/ 1 KB
2 KB 100ms
99ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/2831317/c9479060-d14c-4615-a32b-0459a89d218c.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fe8bca03c3223a0b46131917c0f916680a3475dfc3ba9decae57af844ca07a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cf-cache-status: DYNAMIC
etag: "7b6cde801d754a9a687236a4220d69b9"
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gwfanj6ZwzxSn4rES5WwTuAwTPQ98rMe%2F1gxesfIjKcNvre74l9t9t4rzqELauyfERJ6Gnf%2B3gCwBdtbsRPo2PeG%2BbUAoqus7IUtZ4u51g9sYBkz9%2BsDgrMTM88PnERmYjxoXcPf4PFP8z9nWfekwpGN"}],"group":"cf-nel","max_age":604800}
date: Wed, 27 Nov 2024 11:09:32 GMT
content-type: image/png
last-modified: Thu, 08 Jul 2021 09:20:07 GMT
x-amz-id-2: 6yh7Prk2w7xYFGHyqT0rkSra2bqjD7/sc9uTJV92WdJAVXHQpMlRJfAj64A/fg1T11P1CsDFv4XyOmDHMjFVu9w3zHCIUSIGQFqL3Lqm5Tg=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 2WNEX4GTTD4ZA22R
cf-ray: 8e91aaa77b7e0a22-MIA
accept-ranges: bytes
content-length: 1192
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 arrow-right.svg
blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/svg/ 247 B
1 KB 64ms
64ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/svg/arrow-right.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

364f896afbcfd44d3713cbd2ec7392ebe1e6ac182324ad247f48fa46f3ba259c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
content-encoding: br
cf-cache-status: HIT
etag: W/"927a87c33b3a907b0158ad2b20b85114"
age: 1970916
cache-tag: F-45558543487,FD-43108380224,P-2831317,FLS-ALL
x-amz-version-id: dIL92K2Jz4mW5j_Y2COaB3OoO9BAq4W5
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YATYH9aRWNDdzsMbsqzSk7DIPiqVcl9WEOTR8jC8b8YHaZ0JSOJMX%2BpdipJ%2FRcxZ035ELnm9%2BfCbMve%2FuDfw9k4uEZ8ABmr4bYZ22Cu2LLlJ9t79w1PeaOaQzfQcCcNQQaSTS10%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: sTZUgH3rY6bZzHjh2VN3aZnag8_uVivxJanvyWFVdFE4c7J1CUe5mA==
content-type: image/svg+xml
last-modified: Mon, 31 May 2021 09:00:36 GMT
priority: u=2,i
server-timing: cfExtPri
x-amz-meta-index-tag: none
x-amz-replication-status: COMPLETED
edge-cache-tag: F-45558543487,FD-43108380224,P-2831317,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 5VDPE2MC00BWWK7K
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-45558543487,FD-43108380224,P-2831317,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Wed, 27 Nov 2024 11:09:32 GMT
vary: Accept-Encoding
x-amz-id-2: 4PpYZaJ6P2Oq/ZbJLK2b3lc+OM7H9YJxq42xdtpi9LXO0zHFKevqh9k2G7sYjqiSPEiLycjvRgw=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 8e474c795a53d6737eb97f2aa45be964.cloudfront.net (CloudFront)
cf-ray: 8e91aaa79a4f747a-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1618947694248

GET
H3 200 bg-resource.svg
blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/svg/ 3 KB
2 KB 61ms
59ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/svg/bg-resource.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2821f9c6a3d6e1319b712d97545a182312d82e8fc0f8725e9e60dc10728de9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
content-encoding: br
cf-cache-status: HIT
etag: W/"d57acb42dd18feebbb96b4e1b5aa7402"
age: 1200931
cache-tag: F-46476053627,FD-43108380224,P-2831317,FLS-ALL
x-amz-version-id: 6L0YMp0YLmmbCknQb9oF.STCiNIeBRWL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AK9koq1P8sJhhIMxWzbUeRm4FoW5O5sC3zORGe2lgQwbD4g%2BdotRTm0x%2F0eXAOBsRV2b%2F1IgwnJ6%2Bklku02AtIb7KeRRG6uMtpQuaRK6BuoSRYDi5efVYKv1kVgbEmB6Cb%2FgWHo%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 1Oymc4f4ZdGSdUIePe9Y34HgNMzQ-W26hy53jd2nzPt5TzkgZljZog==
content-type: image/svg+xml
last-modified: Tue, 04 May 2021 20:38:06 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: none
x-amz-replication-status: COMPLETED
edge-cache-tag: F-46476053627,FD-43108380224,P-2831317,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: EB2KFT637NVBEH9H
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-46476053627,FD-43108380224,P-2831317,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Wed, 27 Nov 2024 11:09:33 GMT
vary: Accept-Encoding
x-amz-id-2: mNacDBuNk1AUnUnLzAE12tkW7GBhePg7Rx6R62jX6y8pIgSls79QTVqffBp92not0+4VmZouEHs=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 19730f0d78f5675aa7f2838252596968.cloudfront.net (CloudFront)
cf-ray: 8e91aaab4d71747a-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1620160128332

GET
H2 200 4006acce-ccf0-486d-8b67-1f9721da1a65.png
no-cache.hubspot.com/cta/default/2831317/ 833 B
1 KB 106ms
105ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/2831317/4006acce-ccf0-486d-8b67-1f9721da1a65.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

900d34b958961d57587b55d5aad8f4f6a1a1ffcf46fa55bb59506896a7fe942c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cf-cache-status: DYNAMIC
etag: "14df23296bb3a67e55161f154252a8bd"
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fk2JBXr7jZJGXMNksoxBU5TL%2BP%2FypEft2pPCKO14svIkM8WTRM2ZnL0Ce3LMpA%2F5MfTBoOIlhldybqlcdyxd3yisjxIqzJ7DN4KAqn1FbaMylMKGq8aQve7zZ08fOommA6DA2WCmGA8wnaH44WdHvAJb"}],"group":"cf-nel","max_age":604800}
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: image/png
last-modified: Wed, 23 Jun 2021 09:33:05 GMT
x-amz-id-2: Hq3oMqXEcOWVhVzGbqlDArzmQPJrzUxmTIckr91zOc5SJFXGJ1KyAcVWlN5PMnAoCfS6ZO+zXw3vLAC4W+9aKxFpiHtu+ciW+0OXhwpvSfo=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: JX2ZZ4JCWT7QD301
cf-ray: 8e91aaabbe6b0a22-MIA
accept-ranges: bytes
content-length: 833
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 f343d88a-4182-4505-8642-501713775db0.png
no-cache.hubspot.com/cta/default/2831317/ 2 KB
2 KB 98ms
96ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/2831317/f343d88a-4182-4505-8642-501713775db0.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4234ee451b24731e732f45fbfe1d9974b85acd4d34a2d7698377e2ecee031d42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cf-cache-status: DYNAMIC
etag: "ee200a7ef5034869045adfc76a149417"
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BUgox%2BTAT9XwX8CVZwqi0j6rDFOwwENJYgjzslXa7jUDpeEfu8s9GehO9rlwomSY9i9N8bdtGvM48%2Fxr33LR43ue6hm9b3KTKxYopGsr0zkvz6K6EcfJ6q3YYLYt2B0VWJU3NefvptFTnhGZtQeGJfay"}],"group":"cf-nel","max_age":604800}
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: image/png
last-modified: Fri, 18 Jun 2021 15:31:53 GMT
x-amz-id-2: //UTjWrRBSM6tOY9NKFw+vuXqnPNppQDtFtntyqlHapWf+kwiY6wm1lgh3eNNKiLPdhtCluxwyo80r5deqbKjd2VEplVNceLh9SUipkeyQk=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: JX2XA7FS8B8174JG
cf-ray: 8e91aaac0e940a22-MIA
accept-ranges: bytes
content-length: 1899
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 payoff-2023.svg
blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/svg/ 11 KB
6 KB 64ms
61ms Image
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/svg/payoff-2023.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8895c8e73d7fc9ee9fe7ce2c05e320bf49e95d499c52d84ed9c0f87ecf54d2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
content-encoding: br
cf-cache-status: HIT
etag: W/"95b9f515290d641ea0fae85b2a53a9a4"
age: 1970916
cache-tag: F-123342892344,FD-43108380224,P-2831317,FLS-ALL
x-amz-version-id: _vM7_5eaXWFCnu_1UMFaAfsbZ_AkOC41
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yh7j%2B6Kq8VodNwGfioO%2FZZqp97UWt03mfk5z%2BLFp%2Fgy15MHCVe0N1taaXxzsJQOGjhJMcs0RvztwZs92LVzFC%2BfZ%2BC8s39dZxiYE%2B9DH6RSF3IrGPLtWm5cp2KsGGysRcaddcXM%3D"}],"group":"cf-nel","max_age":604800}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=77HQSM.HNtGpH5JLAllBZE4rz3pQZVBrJmqwjFzs2wE-1732705773-1.0.1.1-t5POSwBk3bltHrHDVYiGV3C2qz7dHnfkcnr3Z4o8SJ9s0hmpD5VFHCkQR.0AWYuW9wdeHEumNCDgHJx7sTJEToQPwENuJN5uWmtAo4PO.orGmvnluBHH7yC6iCqTvqj87UE8_06zrnS.GcCIWgVUQtigYxSmJRl633FEuTOXjJk"}],"group":"cf-csp-endpoint","max_age":86400}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: SuD5FJwJkXoarq0khc7VopwIKqf8LSTPOAqSb88DcWeOgwDyUn2udQ==
content-type: image/svg+xml
last-modified: Tue, 04 Jul 2023 08:00:50 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: none
x-amz-replication-status: COMPLETED
edge-cache-tag: F-123342892344,FD-43108380224,P-2831317,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: HBY5V68M26K4B4HY
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-123342892344,FD-43108380224,P-2831317,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 27 Nov 2024 11:09:33 GMT
vary: Accept-Encoding
x-amz-id-2: nYZBXl6AT85c8R6sUv5s3bKm04Ie0wmjfzELTkGzWhHnpwfiLsoGC2eQleJCz6k19ATit94RBBahUNlRE1lGXpZfpbyMYCPRrjw7CWl6ldQ=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=77HQSM.HNtGpH5JLAllBZE4rz3pQZVBrJmqwjFzs2wE-1732705773-1.0.1.1-t5POSwBk3bltHrHDVYiGV3C2qz7dHnfkcnr3Z4o8SJ9s0hmpD5VFHCkQR.0AWYuW9wdeHEumNCDgHJx7sTJEToQPwENuJN5uWmtAo4PO.orGmvnluBHH7yC6iCqTvqj87UE8_06zrnS.GcCIWgVUQtigYxSmJRl633FEuTOXjJk; report-to cf-csp-endpoint
via: 1.1 5a60386eb046f88a482c3726fc19fb4e.cloudfront.net (CloudFront)
cf-ray: 8e91aaac4e3b747a-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1688457649621

GET
H3 200 imgix.min.js Show response
blog.eclecticiq.com/hs-fs/hub/2831317/hub_generated/template_assets/41392089753/1667398268391/eclecticiq/assets/js/ 6 KB
4 KB 67ms
65ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs-fs/hub/2831317/hub_generated/template_assets/41392089753/1667398268391/eclecticiq/assets/js/imgix.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

555507a0fdbe203425308ae99f5a07f837c2afc38f890c1982bff23b2957c2ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-request-id: 616f03fd-9fc6-4885-bc1c-1403c213ec20
content-encoding: br
cf-cache-status: HIT
etag: W/"39b3490fa6156bcda6dc2f89ebc64c4a"
age: 2918
x-amz-version-id: jkOxdltd_R0wvHZtW72jYgOHXaII_2OJ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9iq2dt9aTV4lRFc48%2FAuiLHwUC6fZ5icc901aT7AEr3PH3Hb8uMm32bepSnHQpALcIe3yPWhPvaB0wQhsemr423MvOaVnic7mO8UXcI2vDO6yWHBjn8wFqGomTyHEp5Uvpi9FVQ%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: eSwo5uk3aV2RChrkIIfm9122T6HGUCRSN7qisk17dmPpMmb0ROthxg==
x-hubspot-correlation-id: 616f03fd-9fc6-4885-bc1c-1403c213ec20
content-type: application/javascript; charset=utf-8
last-modified: Wed, 02 Nov 2022 14:11:09 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-dkncb
x-envoy-upstream-service-time: 210
x-amz-request-id: K6VTK84ZA550R16Q
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 27 Nov 2024 11:09:32 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 4ZFXF8mwM2/Pm5Aqg8ReHmO+p+tXouIc2GFIStbcNlPLhYpyKlcYtwWoyiEM55bqPVCpX2ZfYG5k1ctBOUe3ColPn6jQ2BU/9e9qzr8gbUM=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.eclecticiq.com
access-control-allow-credentials: false
via: 1.1 13f73562b215175ddd75c2902ae36650.cloudfront.net (CloudFront)
cf-ray: 8e91aaa80ab6747a-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1667398268898

GET
H3 200 lazysizes.min.js Show response
blog.eclecticiq.com/hs-fs/hub/2831317/hub_generated/template_assets/41400026625/1667398275195/eclecticiq/assets/js/ 7 KB
5 KB 70ms
69ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs-fs/hub/2831317/hub_generated/template_assets/41400026625/1667398275195/eclecticiq/assets/js/lazysizes.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94320c5de3563f14a2af3776e5a8f41f264bc7f7db0c7b29d50e94ebaa9c8e31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-request-id: 40e1787a-e2a4-47a5-9e40-8457b420fddf
content-encoding: br
cf-cache-status: HIT
etag: W/"5a20fd073700d3b461a0393684e2150d"
age: 2918
x-amz-version-id: tUKsXOJw5B9MkQRV1ToUpXpXLn6LKXNM
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TylKW7gEagj3FFgS3pQ6H%2BPy4eqL4d%2B603pjXJ%2FKUoRp6ZZ23JTpAOcygWJtEq1hO0uao2z2ROq9M61kmcYKeJOeEVjLRMJajA7XZGkrrfV4qa4cGbdlg76vxKcYGy3XQF2CqlQ%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 4hpnl1WU5kUrWMuUwgINe6dd_9rT6TwzxODXD4BKFkOS-Ocpv3fQ6Q==
x-hubspot-correlation-id: 40e1787a-e2a4-47a5-9e40-8457b420fddf
content-type: application/javascript; charset=utf-8
last-modified: Wed, 02 Nov 2022 14:11:16 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54797cf595-dxzlj
x-envoy-upstream-service-time: 250
x-amz-request-id: 0D0DNYN9WCDHDW32
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 27 Nov 2024 11:09:32 GMT
vary: origin, Accept-Encoding
x-amz-id-2: GgWvYj0vHqegMetPCqSevHGGLAb2uQhegowIndCpD+J6CSPIs94ZT6sVQNbCyrpmSFocJb5QID4=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.eclecticiq.com
access-control-allow-credentials: false
via: 1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
cf-ray: 8e91aaa81ad3747a-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1667398275652

GET
H3 200 2831317.js Show response
blog.eclecticiq.com/hs/scriptloader/ 2 KB
1 KB 98ms
94ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/scriptloader/2831317.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2792465de23b07c4a4a42bdaecfa564228d9f7d3d0a2aec9bb43b591d505c97

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gtup4mOz7vOC%2FRGS2wLk04J3TphyfcIkNVqqMGZ4zovAKoV9Y%2F%2FKnLzI4gdYxqHf9s5NfQXUJprwnC%2FY3zaRoBYUNwshXU8z6NqXikKcZ3p5ONZ5VRcFXfNihSQ77rGZbkUA0%2BE%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Wed, 27 Nov 2024 11:11:03 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:33 GMT
x-hubspot-correlation-id: 530515e7-49d0-4f0f-8cb7-8c4928be0cce
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:33 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=90
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8e91aaac4e3d747a-MIA
accept-ranges: bytes
access-control-allow-origin: https://blog.eclecticiq.com
content-length: 677
server: cloudflare

GET
H3 200 index.js Show response
blog.eclecticiq.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/ 12 KB
5 KB 61ms
58ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"3ef0deda0631561665e95645daf500a2"
age: 1298884
x-amz-version-id: O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7vn89Wx0TATiQ%2FWCF2KfOGUR55WNwbIzYF51UOr%2FEcoBP3loau%2BDheYb4ygbL6QeB3PIhHCRvWA6I7%2BzRhNhy2ik81kS1fDZTc5caWgER2XF9bkqbwKkemttsAr5qe6rDz7Ui9U%3D"}],"group":"cf-nel","max_age":604800}
expires: Thu, 27 Nov 2025 11:09:33 GMT
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 8Lt6rwRUjjr_j0fvak_IFZfb7dUiD-8TWQHGLtuW8gZ4znf5NuWYnQ==
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 20:24:20 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 f27d77f5cb464d2f833e73d78c3c2ccc.cloudfront.net (CloudFront)
cf-ray: 8e91aaac4e3e747a-MIA
x-amz-cf-pop: MIA3-P8
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 OtAutoBlock.js Show response
cookie-cdn.cookiepro.com/consent/38cab95c-edac-4b6f-a53c-210ba3e72130/ 11 KB
3 KB 210ms
56ms Script
application/x-javascript 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/38cab95c-edac-4b6f-a53c-210ba3e72130/OtAutoBlock.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ad9293d02eba50c8367ace52a26d0d360f0ed671166174aebff35847ea86403

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-md5: JFxXJTWOQOcpboaSiQQSKg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status: unlocked
cf-cache-status: HIT
cf-bgj: minify
age: 83553
x-ms-version: 2009-09-19
content-encoding: br
cf-polished: origSize=10990
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: application/x-javascript
last-modified: Wed, 03 Nov 2021 15:47:21 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 5f6840f4-901e-000e-5270-75020c000000
cf-ray: 8e91aaad3a642888-MIA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ 22 KB
8 KB 198ms
44ms Script
application/javascript 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-md5: Vo/d0f3ZefkwyML/PnJnjg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DD045487000823
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 4216
expires: Thu, 28 Nov 2024 11:09:33 GMT
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: application/javascript
last-modified: Thu, 14 Nov 2024 02:32:04 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 5c1088c2-301e-005a-0128-3f4d5b000000
cf-ray: 8e91aaad3a632888-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7212
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 330 KB
113 KB 247ms
85ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MC7MVC

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

065fb76b57bfaa2051dcc3ce27b70cbe7863f569a7c197852f85da7c74fadee9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Wed, 27 Nov 2024 11:09:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 27 Nov 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 115122
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 e65cc8f4-762c-404c-9fab-eb19f6028e97.png
no-cache.hubspot.com/cta/default/2831317/ 2 KB
2 KB 105ms
104ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/2831317/e65cc8f4-762c-404c-9fab-eb19f6028e97.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

400f7fabe28b89834e86df85044f49cef21301f0efc25027db3e5bbec38b855c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cf-cache-status: DYNAMIC
etag: "1e2c3ebda50f14268d38abfa8efedc52"
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bQwfjET28Ic7Fnre02LjJu4%2FRNrSFL%2FA5LyHHVuDc0BzCv1jTUpCA9uPK61PHHf3t1KwK77WQhHN84qDXgJuKcoVhV5syzK1n2HRjaOnhh%2FF4LASB7GPOj9AczKGDtniTBEWSMInhlRAs71DmEA1KiSl"}],"group":"cf-nel","max_age":604800}
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: image/png
last-modified: Tue, 25 May 2021 11:10:14 GMT
x-amz-id-2: BQiEQxitRVNLlpV3exU624j4nAafYGQDHdgNNp3qu+b4Z8iRNXswzMxRcdUbtbQan/310MFN8A/48zwu4jU138PYfxkdjrhOI8gkXa/rJAI=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: JX2K50MPE6PEDFA5
cf-ray: 8e91aaac4eb60a22-MIA
accept-ranges: bytes
content-length: 1701
server: cloudflare
x-amz-server-side-encryption: AES256

GET
DATA 200
OK truncated
/ 21 KB
21 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad21bce8da754cfbaa1408b31abf7526cb3850d821faf620913e5ec9c824f6b1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.eclecticiq.com
Referer

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 21 KB
21 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6920b95f2b38b405f9932005eb14a44556c32fec22efb5d7a58e22f959a13282

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.eclecticiq.com
Referer

Response headers

Content-Type: application/x-font-woff2

GET
H3 200 arrow-right.svg
blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/svg/ 247 B
1 KB 57ms
55ms Other
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/svg/arrow-right.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

364f896afbcfd44d3713cbd2ec7392ebe1e6ac182324ad247f48fa46f3ba259c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: dIL92K2Jz4mW5j_Y2COaB3OoO9BAq4W5
age: 1970917
cache-tag: F-45558543487,FD-43108380224,P-2831317,FLS-ALL
etag: W/"927a87c33b3a907b0158ad2b20b85114"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aaigjiTiykPSr9lGereZXNDdTeGFPy%2FNtBD%2FX01HgOd4EhTfmazPRlMc2ZEPYfCLgGR0WAr4G9gHHkybyLuuigBPGFQ52%2F%2BcuCeWZKso2yLxE8Pk6QTcdsg97zFjv6MDlqfUZ2Y%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: sTZUgH3rY6bZzHjh2VN3aZnag8_uVivxJanvyWFVdFE4c7J1CUe5mA==
last-modified: Mon, 31 May 2021 09:00:36 GMT
content-type: image/svg+xml
priority: u=4,i
server-timing: cfExtPri
x-amz-meta-index-tag: none
x-amz-replication-status: COMPLETED
edge-cache-tag: F-45558543487,FD-43108380224,P-2831317,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 5VDPE2MC00BWWK7K
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-45558543487,FD-43108380224,P-2831317,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Wed, 27 Nov 2024 11:09:33 GMT
vary: Accept-Encoding
x-amz-id-2: 4PpYZaJ6P2Oq/ZbJLK2b3lc+OM7H9YJxq42xdtpi9LXO0zHFKevqh9k2G7sYjqiSPEiLycjvRgw=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 8e474c795a53d6737eb97f2aa45be964.cloudfront.net (CloudFront)
cf-ray: 8e91aaac8e66747a-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1618947694248

GET
H2 200 c9479060-d14c-4615-a32b-0459a89d218c.png
no-cache.hubspot.com/cta/default/2831317/ 1 KB
2 KB 169ms
168ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/2831317/c9479060-d14c-4615-a32b-0459a89d218c.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fe8bca03c3223a0b46131917c0f916680a3475dfc3ba9decae57af844ca07a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cf-cache-status: DYNAMIC
etag: "7b6cde801d754a9a687236a4220d69b9"
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v0oKDnNXIbNycbKsL6TDZkyvbIolzLQyBToc1vHTtnrfmZ6x8pd4x5YYgzFN%2BZuow0bxeUWnJqIYGUmTkg76kD%2FpI1QyisyE2bLwxoUTQOFf6t2JqdOJb3vMEP%2Fl0shYppH6%2FTMliSiBEJnEpEjY5sSE"}],"group":"cf-nel","max_age":604800}
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: image/png
last-modified: Thu, 08 Jul 2021 09:20:07 GMT
x-amz-id-2: INrc6T6me0JUJpGae1SL8js04IVITqrShD1WQdsXDwHTp72Hn8yDK4+LAhEnFybuTj01P+ivKJ4gXzlYh/fco8k88F7WhuS3wbdkQVvTvPw=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: JX2NH0XT87C9NAM0
cf-ray: 8e91aaacdefd0a22-MIA
accept-ranges: bytes
content-length: 1192
server: cloudflare
x-amz-server-side-encryption: AES256

GET
DATA 200
OK truncated
/ 21 KB
21 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d265ccf2f9b22e6af67a95bfa4af525f46f70a1ce86628f1270d1c47b5526f28

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.eclecticiq.com
Referer

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 21 KB
21 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a13ff7330c657decb943dd0475139300d2f0fbb8d9388a547e6b4feef0bd432

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.eclecticiq.com
Referer

Response headers

Content-Type: application/x-font-woff2

GET
H3 200 Figure%201.png
blog.eclecticiq.com/hs-fs/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/ 12 KB
13 KB 59ms
58ms Image
image/webp 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.eclecticiq.com/hs-fs/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/Figure%201.png?width=693&height=330&name=Figure%201.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a698c74490479a5416aa247d047f9b175ca375015e158d67d9a7c93bef0681b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cf-cache-status: HIT
etag: "cfgVtU7kqL3Pg-Q6pBgwkBOk2T4j1FfYTTWtzRc0Y4DQ:8906df45734da4841713d39956060f24"
cache-tag: F-183058307114,FD-183058404631,P-2831317,FLS-ALL
cf-resized: internal=ok/h q=0 n=26+35 c=6+29 v=2024.10.6 l=11998 f=false
cf-bgj: imgq:86,h2pri
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ON%2BduiWwTzJAJUheXasLs9sWThUDCn%2FdtL%2F3Vr6JjXCJdULgVnTxPPygDbbQTH8%2FefNBANy2pIUmMU1zKKykpDaQhcLuL9QaEBZYRz0jI%2FAkYHs9lEWyzZh5W3T7JSTHMdNPAG0%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: image/webp
last-modified: Thu, 21 Nov 2024 11:18:15 GMT
vary: Accept, Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 7872759f444227d49f2a8c400db3486e.cloudfront.net (CloudFront)
cf-ray: 8e91aaad8f0c747a-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11998
server: cloudflare

GET
H3 200 Figure%202.png
blog.eclecticiq.com/hs-fs/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/ 5 KB
5 KB 59ms
58ms Image
image/webp 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.eclecticiq.com/hs-fs/hubfs/_blogs/corporate-blog/2024/Google%20Docs%20and%20Weebly/Figure%202.png?width=348&height=261&name=Figure%202.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7da70cf9858a1863598948425a822a12498360801418089ac94192dd5d2598dd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cf-cache-status: HIT
etag: "cfG3oBhylqWlB1XVnZAJu27gim5eAgIbnq6yIpe3YDDQ:5c857f6035be7ebe5437f76415718b98"
cache-tag: F-183058501932,FD-183058404631,P-2831317,FLS-ALL
cf-resized: internal=ok/m q=0 n=231+18 c=5+13 v=2024.10.6 l=4770 f=false
cf-bgj: imgq:86,h2pri
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ecrQeyxC9ss5faGVe0UE%2FDeuXKIQ3PuQcmc2qBF7LPpDmBkFaoEyydqCDjyA25WUzh5n56t99vPB6oU3sg%2FnSACT2yeWbvJivD2k8RH9J6TVZaDpZECbbfiuzn6Ej5dAU3n9v4c%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: image/webp
last-modified: Thu, 21 Nov 2024 11:18:15 GMT
vary: Accept, Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=31536000
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 19f81b125c62da79641b37663ddce94c.cloudfront.net (CloudFront)
cf-ray: 8e91aaad8f0d747a-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4770
server: cloudflare

GET
H3 200 payoff-2023.svg
blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/svg/ 11 KB
1 KB 63ms
63ms Other
image/svg+xml 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/svg/payoff-2023.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8895c8e73d7fc9ee9fe7ce2c05e320bf49e95d499c52d84ed9c0f87ecf54d2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: _vM7_5eaXWFCnu_1UMFaAfsbZ_AkOC41
age: 1970916
cache-tag: F-123342892344,FD-43108380224,P-2831317,FLS-ALL
etag: W/"95b9f515290d641ea0fae85b2a53a9a4"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SOIOnVCG55IYo5sbELyPBraTAAA5D4k17UtPpyHs9RPrCJkE%2B0FJQ%2B61lVZXsf%2BAz8WmiCyfPEVis215cyjk30SgelBYnrwNcSvKPOltL2vpz%2B8DLJuTg6h6%2B4s82F8odpIFkTI%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: SuD5FJwJkXoarq0khc7VopwIKqf8LSTPOAqSb88DcWeOgwDyUn2udQ==
last-modified: Tue, 04 Jul 2023 08:00:50 GMT
content-type: image/svg+xml
priority: u=4,i
server-timing: cfExtPri
x-amz-meta-index-tag: none
x-amz-replication-status: COMPLETED
edge-cache-tag: F-123342892344,FD-43108380224,P-2831317,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: HBY5V68M26K4B4HY
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-123342892344,FD-43108380224,P-2831317,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 27 Nov 2024 11:09:33 GMT
vary: Accept-Encoding
x-amz-id-2: nYZBXl6AT85c8R6sUv5s3bKm04Ie0wmjfzELTkGzWhHnpwfiLsoGC2eQleJCz6k19ATit94RBBahUNlRE1lGXpZfpbyMYCPRrjw7CWl6ldQ=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=77HQSM.HNtGpH5JLAllBZE4rz3pQZVBrJmqwjFzs2wE-1732705773-1.0.1.1-t5POSwBk3bltHrHDVYiGV3C2qz7dHnfkcnr3Z4o8SJ9s0hmpD5VFHCkQR.0AWYuW9wdeHEumNCDgHJx7sTJEToQPwENuJN5uWmtAo4PO.orGmvnluBHH7yC6iCqTvqj87UE8_06zrnS.GcCIWgVUQtigYxSmJRl633FEuTOXjJk; report-to cf-csp-endpoint
via: 1.1 5a60386eb046f88a482c3726fc19fb4e.cloudfront.net (CloudFront)
cf-ray: 8e91aaad8f0e747a-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1688457649621

GET
H3 200 json Show response
blog.eclecticiq.com/_hcms/forms/embed/v3/form/2831317/13931385-b411-4165-9e58-573322610620/ 25 KB
8 KB 190ms
190ms XHR
application/json 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/_hcms/forms/embed/v3/form/2831317/13931385-b411-4165-9e58-573322610620/json?hs_static_app=forms-embed&hs_static_app_version=1.6227&X-HubSpot-Static-App-Info=forms-embed-1.6227

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3e0f572f227807f514348819b583d34124fa7662a0bcd6241d827f9430c24e3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 144ff154-64a4-424a-af4a-712c83a36c49
access-control-expose-headers: X-Origin-Hublet
content-encoding: br
cf-cache-status: DYNAMIC
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A6bJp%2F0WntZZkM9FmTcR3cDOu8bMCZKFugvdK7b42UQBydknozjxECX1SoBKQYrykAik47%2FJyqJ%2BudA8MZtnYAgVNjVfCrgp8KjC4Q2hlkdzXSWQZWMt8oyd9mNIXxf6SlFo9U0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:33 GMT
x-hubspot-correlation-id: 144ff154-64a4-424a-af4a-712c83a36c49
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
priority: u=1,i
access-control-allow-headers: *
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 37
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-wnjkp
access-control-allow-credentials: false
cf-ray: 8e91aaad9f1e747a-MIA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 json Show response
blog.eclecticiq.com/_hcms/forms/embed/v3/form/2831317/13931385-b411-4165-9e58-573322610620/ 25 KB
8 KB 301ms
113ms XHR
application/json 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fffa61ae5c243db53073b59404c859c4a00ef49df30e1f3b69e43f5c8133d77

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 5fbf60ca-2632-482b-83cc-c08fc531dcd5
access-control-expose-headers: X-Origin-Hublet
content-encoding: br
cf-cache-status: DYNAMIC
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6T9TJZG8pmeayWzcFJBrykLqd%2FWOqmtCmth4auSz6UjrFkiMlkyS5iD1L1akwX5ly%2BeqGeVRvS2FQ9aFbO6tXU%2BJd5FBASlbtieGhWAo8SbIikjQIDWGPhuDV5zIZ35P9tMCu1w%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:33 GMT
x-hubspot-correlation-id: 5fbf60ca-2632-482b-83cc-c08fc531dcd5
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
priority: u=1,i
access-control-allow-headers: *
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 23
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-lnptw
access-control-allow-credentials: false
cf-ray: 8e91aaaed802747a-MIA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 156ms
74ms Script
application/x-javascript 31.13.80.12
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.80.12 Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-yyz1.fbcdn.net

Software

Resource Hash

42840d2baced8fd75f9e674bdd73eab5bf48fb2ad0e97da029ec1b483eff6775

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-md5: 1Cfn2lVNrD/e8/Sv4znq2w==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "d7f54176fbc1f82de6995e0fa209df8b"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 27 Nov 2024 11:21:23 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: 5c4baa8f357e1bf29c561d1d421a0c72
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: GOOD; q=0.7, rtt=65, rtx=0, c=23, mss=1232, tbw=4451, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug: r+aP1ZrfkJ6KCyD3owM9AsqY8M3bxMbohT1E9/FrEwF+5ShUR9X3+ygDsGdc8IokOhG5vRFZsfB4FS5+3tRgVA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 1687
origin-agent-cluster: ?1

GET
H2 200 widgets.js Show response
platform.twitter.com/ 91 KB
27 KB 309ms
65ms Script
application/javascript 151.101.44.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.44.157 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: gzip
etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
access-control-allow-methods: GET
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date: Wed, 27 Nov 2024 11:09:33 GMT
last-modified: Mon, 11 Dec 2023 17:20:28 GMT
vary: Accept-Encoding
x-served-by: cache-iad-kcgs7200137-IAD, cache-nyc-kteb1890028-NYC
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=1800
tw-cdn: FT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27597
x-amz-server-side-encryption: AES256

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 84 KB
25 KB 126ms
47ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/scriptloader/2831317.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2b5cac90427af9fad82e4adc4adcd9525413cef56e57acbb3453bded83ac0e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.eclecticiq.com
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-request-id: 257ea538-0d75-4a08-8d32-812d6b8ffc34
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: Jx5M_V9MJ7I7Cwck9HYxWWIWQlqz_ofw
etag: W/"6900bd11c556cb466d96359bc5f70507"
age: 0
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DToqjxRWXs%2FBmeg7bXuL17puuCUIkgFcsWDKA3iCrTsLl1XaOXJ4ivb3ZaBW4BWeyON7CHBMVWUeH2h7POP99UaqoNTZaEDwd%2BxdT79S3dYVlJp1eNToCbAOBVxRr%2BqKuPCNm1%2BMgFbnPf%2Fl"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: VZweyjiHpGylo2NiXrtG4pHzztFbmHqKjSdkvdMt4m61srhf70vG9A==
x-hubspot-correlation-id: 257ea538-0d75-4a08-8d32-812d6b8ffc34
content-type: application/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 21:30:05 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-xkq4z
x-envoy-upstream-service-time: 7
x-hs-target-asset: web-interactives-embed/static-2.1806/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Wed, 27 Nov 2024 11:09:33 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1806/bundles/project.js&cfRay=8e91aaad3996a2d8-MIA
via: 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
cf-ray: 8e91aaae3b85daad-MIA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 146ms
51ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/scriptloader/2831317.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de0c45ec7d9e1c855d521f24dc5e3bfd081055b864b19f4ef65e9e6f6877da8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-evy-trace-virtual-host: all
x-request-id: b3c9cc53-1ef8-4089-a375-178f3dd9e753
content-encoding: gzip
cf-cache-status: HIT
etag: W/"9ae5a46ec8639186a39b1dfd8843ef25"
x-amz-version-id: 8Pp0xqJ_R3yJ67oPHJJ1OjAyAekiquW.
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 187
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-amz-cf-id: vvgbbK30rFH598TOxC5a7L-1BCnwljFQh4kuvfr1gzJmXklY3A3W0w==
date: Wed, 27 Nov 2024 11:09:33 GMT
x-hubspot-correlation-id: b3c9cc53-1ef8-4089-a375-178f3dd9e753
content-type: application/javascript; charset=utf-8
last-modified: Tue, 26 Nov 2024 20:04:43 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-hfrjc
x-envoy-upstream-service-time: 4
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.822/bundles/pixels-release.js&cfRay=8e8c8c362a36e627-IAD
via: 1.1 b9e3ae23b2e5d7b2e1c159467ba23f34.cloudfront.net (CloudFront)
cf-ray: 8e91aaae4ad24c21-MIA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.822/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/2831317/ 71 KB
26 KB 159ms
78ms Script
text/javascript 2606:4700:4400::ac40:9310
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/2831317/banner.js
Requested by: Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/scriptloader/2831317.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a679b6e30841afeab4a056a3c9a8ca287c6b927fb88ed46b7668c0e4600d5c0e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 0b237214-b0b2-4c0d-bf1b-64d486947336
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: HIT
etag: W/"161b531be263f071b80c39829e30192a"
x-amz-version-id: BLUSpX5A.8YGp0vaj3Z3TpX.o.D.WNTs
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Wed, 27 Nov 2024 11:10:08 GMT
x-evy-trace-listener: listener_https
date: Wed, 27 Nov 2024 11:09:33 GMT
x-hubspot-correlation-id: 0b237214-b0b2-4c0d-bf1b-64d486947336
content-type: text/javascript; charset=UTF-8
last-modified: Fri, 24 May 2024 12:02:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: MDdCxu5xNVAyn6zVy5Q6+GHA2q8lqvoD6Tc1nww3dO+cBVdScP5LLMsxco1pm3mwYBWhpe6N/ww=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-wgwsj
x-envoy-upstream-service-time: 162
access-control-allow-credentials: true
x-amz-request-id: 76X8H78HYM85GT0J
cf-ray: 8e91aaae39995c7c-MIA
access-control-allow-origin: https://www.eclecticiq.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 550 KB
92 KB 119ms
45ms Script
application/javascript 2606:4700::6812:8c11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/scriptloader/2831317.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8c11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.eclecticiq.com
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-request-id: 4f8089a2-72c9-42a8-8a5e-cf2a9931adaa
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: 1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF
etag: W/"ce26171eff05376a1b746efbb809f7f6"
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age: 35156
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: ApWhslGt_AJlgVftc-MOyUG5ypn87t5GXEHmTtU3DMcUt4dWRO_TAg==
x-hubspot-correlation-id: 4f8089a2-72c9-42a8-8a5e-cf2a9931adaa
content-type: application/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 16:54:39 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-k62xt
x-envoy-upstream-service-time: 9
x-hs-target-asset: lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Wed, 27 Nov 2024 11:09:33 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8e68217e68f5c93f-EWR
via: 1.1 38fc47c0600e1aa74a99467e3cebbdee.cloudfront.net (CloudFront)
cf-ray: 8e91aaae2a89da9b-MIA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD55-P7

GET
H2 200 2831317.js Show response
js.hs-analytics.net/analytics/1732705500000/ 68 KB
25 KB 117ms
41ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1732705500000/2831317.js
Requested by: Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/scriptloader/2831317.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 240b0b120cc07d49aaa956439c3e635ffc940d3260cfea4411e12a734c4a146b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-amz-server-side-encryption: AES256
x-request-id: 8ea6be77-84a5-4683-b31e-0a5a4f92a981
content-encoding: gzip
cf-cache-status: HIT
etag: W/"45210bb0203a63279b1d6792e9fe952c"
x-amz-version-id: null
age: 0
expires: Wed, 27 Nov 2024 11:14:33 GMT
x-evy-trace-listener: listener_https
date: Wed, 27 Nov 2024 11:09:33 GMT
x-hubspot-correlation-id: 8ea6be77-84a5-4683-b31e-0a5a4f92a981
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 20:40:31 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 4pHfOZO5TvpgIoMzrWTtWqGjRMccN57T8bIwUYxllvTSQ6YpVMg7gHxRw62wymHdE7/maSjOy7I=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-9skb2
x-envoy-upstream-service-time: 45
access-control-allow-credentials: false
x-amz-request-id: JX2JEK9HYAWJ1HPV
cf-ray: 8e91aaae3e1db3da-MIA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
400 B 149ms
139ms XHR
text/plain 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=2831317

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-request-id: 2977dcc8-20b1-42b4-b8ad-f9f01270c198
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-methods: GET
x-content-type-options: no-sniff
x-evy-trace-listener: listener_https
date: Wed, 27 Nov 2024 11:09:33 GMT
x-hubspot-correlation-id: 2977dcc8-20b1-42b4-b8ad-f9f01270c198
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8e91aaae0fb60a22&resource=unknown"
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-kxzq7
x-envoy-upstream-service-time: 5
access-control-allow-credentials: true
cf-ray: 8e91aaae0fb60a22-MIA
access-control-allow-origin: https://blog.eclecticiq.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 38cab95c-edac-4b6f-a53c-210ba3e72130.json Show response
cookie-cdn.cookiepro.com/consent/38cab95c-edac-4b6f-a53c-210ba3e72130/ 4 KB
2 KB 122ms
58ms XHR
application/x-javascript 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/38cab95c-edac-4b6f-a53c-210ba3e72130/38cab95c-edac-4b6f-a53c-210ba3e72130.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3a728bee932cf14dc34bcc0cef03137ec497491c16a7c643565a5941f2399eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-md5: WW+QXWGd3ycITVix1jRdFQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status: unlocked
cf-cache-status: HIT
cf-bgj: minify
age: 71204
x-ms-version: 2009-09-19
content-encoding: br
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: application/x-javascript
last-modified: Wed, 03 Nov 2021 15:47:19 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
x-ms-request-id: f09d8c92-d01e-0030-7d73-759573000000
cf-ray: 8e91aaae6b196da7-MIA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 10 KB
3 KB 109ms
104ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors&pageId=183055953041&pid=2831317&sv=cta-embed-js-static-1.323&rdy=1&cos=1&df=t&pg=e65cc8f4-762c-404c-9fab-eb19f6028e97&pg=c9479060-d14c-4615-a32b-0459a89d218c&pg=e65cc8f4-762c-404c-9fab-eb19f6028e97&pg=4006acce-ccf0-486d-8b67-1f9721da1a65&pg=f343d88a-4182-4505-8642-501713775db0&pg=c9479060-d14c-4615-a32b-0459a89d218c

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27acae6830ad6680c38e4167348ce5f384bf68d7d9c9a581d95702fc17d97d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: 5d6ec03d-6ce4-4eb9-878c-4b5584310ad2
access-control-expose-headers: X-Origin-Hublet
content-encoding: gzip
cf-cache-status: DYNAMIC
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8gGCPlNHYWD7nw8Py4jWLTM8pZL56xTbaVjz4SkTUYp8x%2FpPqTzyvwQgUYX%2Fw4sxT1VafN3HRjc3paUpSuKyRwWJ58Bne9GUGl6ZOd7BoP%2B%2FDicK6aPO95swVGlzbGK2f24hayINwxE6EHJNyGMbvs7tgB1syUmB8pc%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Wed, 27 Nov 2024 11:09:33 GMT
x-hubspot-correlation-id: 5d6ec03d-6ce4-4eb9-878c-4b5584310ad2
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-pdcc5
x-envoy-upstream-service-time: 32
access-control-allow-credentials: true
cf-ray: 8e91aaae3fd50a22-MIA
access-control-allow-origin: https://blog.eclecticiq.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 61 B
1021 B 91ms
88ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=2831317&currentUrl=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&contentId=183055953041

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: 8491fbb2-1c68-4719-82f7-aa9e262d8f71
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EAjVDzcUwPZ3zFuF9mavm9%2BkrmvqkQkLwUdsbd48xwNfO5q7D2w5rpaqOtcANiXGX1Y74k3Col3hsVu5s%2BxZLyFl57mfKrisqpD3YkMV3f77CClgIbMUxwiMTeY1RUv66ZPmUzlzhf8qYQWZ3%2F61cL7Xu80%2BwyxV2yk%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Wed, 27 Nov 2024 11:09:33 GMT
x-hubspot-correlation-id: 8491fbb2-1c68-4719-82f7-aa9e262d8f71
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-97cpg
x-envoy-upstream-service-time: 8
access-control-allow-credentials: true
cf-ray: 8e91aaaeabcfdaad-MIA
access-control-allow-origin: https://blog.eclecticiq.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 248 KB
73 KB 76ms
74ms Script
application/x-javascript 31.13.80.12
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=1128448cdd3d05a0f0273d41ce62bd19

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.80.12 Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-yyz1.fbcdn.net

Software

Resource Hash

9477de29d0447d38174d46cb2179224bd29b96c7647b4d1d2417f8323e2b091d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.eclecticiq.com
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-md5: 2RSawdVqFOYjFc5sIZN2qw==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "fcd16ffb459684f7ef27bfcfcc237a01"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 27 Nov 2025 09:27:19 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 27 Nov 2024 11:09:33 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: ad6673952780abbaaa0d32b4c80294fe
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: UNKNOWN; q=-1, rtt=-1, rtx=0, c=20, mss=1232, tbw=1826, tp=5, tpl=0, uplat=0, ullat=-1
x-fb-debug: s02qHx4AhPBaCkWwB9ok0j2wJGNcBGj7ZRAw+Qrs5oNJVWimlnbw8IoZP6GM/RLI9tm5xg82UIezb4a797fLdA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 75124
origin-agent-cluster: ?1

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 68 B
306 B 338ms
55ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71cfd0bf781e3f393bca283fc9d44777a2036985a4ffe9abedf14909e63a8aef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept: application/json
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-methods: GET, OPTIONS
cf-ray: 8e91aab09a05da6b-MIA
access-control-allow-origin: *
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: Content-Type

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
916 B 361ms
77ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: 41e78b9b-5a6a-4bd3-b18d-01598f552033
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 41e78b9b-5a6a-4bd3-b18d-01598f552033
content-type: image/gif
vary: origin
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-q5dzg
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8e91aab0cf6fda23-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 110ms
101ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2831317&pg=e65cc8f4-762c-404c-9fab-eb19f6028e97&lt=1732705773467&dt=1732705773507&at=1732705773908&ae=1&an=1

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
x-request-id: 33e08b54-7ce4-40ac-909c-301f4d03007f
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sxggjYJQ5Nj4LqgoXX%2FuJt%2BeQSrnVGbJWlyIl1r7u6ZYXdQjsLPMiVzbJU1Zuva7fNC1LtktSW4Kqsu0p%2F04xlVq9QLSX4D%2BLg1h9nKWtGTGebzZOt09nImiti5Gc2FeYfhTmO8%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:33 GMT
x-hubspot-correlation-id: 33e08b54-7ce4-40ac-909c-301f4d03007f
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:33 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 2
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-9hm9p
cf-ray: 8e91aaaf1825747a-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 118ms
101ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2831317&pg=e65cc8f4-762c-404c-9fab-eb19f6028e97&lt=1732705773467&dt=1732705773507&at=1732705773910&ae=1&an=1

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
x-request-id: 38035c3a-6420-46ed-801e-2715eaf609c8
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RsZPW7N%2BFWKBeFHHB0DvEFgh%2FXWVDW8rlPZSfgYd1ishR3pTTj%2FugcCMoJXEttiIgneRE0er1DTT0LKN7LEpIHOXlcMWwtq26dkcBwW3ibV04joW%2BaW8RQ3XTL%2BGXErq3IRZsKs%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 38035c3a-6420-46ed-801e-2715eaf609c8
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:33 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-x5gbf
cf-ray: 8e91aaaf2832747a-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 128ms
111ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2831317&pg=4006acce-ccf0-486d-8b67-1f9721da1a65&lt=1732705773516&dt=1732705773516&at=1732705773911&ae=1&an=1

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
x-request-id: 741e0b07-b237-4962-9b18-404cf1ec4aa3
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6MpOrct8Xn%2BA0npfNjD0TiAcPmnLX8EP32%2FX5IM7l39sW7aP%2FrPiDu3OddLzraCopB7moaniF6UTcLnxkra12QQdRqCy3BPL%2B6dggAy2QK%2FKxsyF0b%2Bj475VA11cFODoKihlqtc%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 741e0b07-b237-4962-9b18-404cf1ec4aa3
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:34 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-4nb5b
cf-ray: 8e91aaaf2833747a-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 113ms
101ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2831317&pg=c9479060-d14c-4615-a32b-0459a89d218c&lt=1732705773473&dt=1732705773550&at=1732705773912&ae=1&an=1

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
x-request-id: abb674d0-d2cd-4287-b753-68f2835abdf9
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2FKtTIfkjQcstwCBwAxgaB6WlKYZ4tBppvWt0NtJHgiJNIFuXbAtDUwWigfTMDlyrSSZ%2BeM3Uc2n1PpYlwDlpch02gg02hRZ14F76VHDpF7O%2FTTlE0ompHFhd7004Jrebknw%2F58%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: abb674d0-d2cd-4287-b753-68f2835abdf9
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:34 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 2
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-9hm9p
cf-ray: 8e91aaaf2834747a-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 119ms
107ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2831317&pg=c9479060-d14c-4615-a32b-0459a89d218c&lt=1732705773473&dt=1732705773550&at=1732705773913&ae=1&an=1

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
x-request-id: 08533c02-11a3-4561-a632-6e81c125d60e
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nyYqbY0yY0xx9jJcrh80mEqSPZ4mCi2gdQTMGVyRLUEuOgEes6j2j6ru%2BAaYvT4E6SeJHHdbE6D1Nfn0qKyQnyRWNLWzwzNOXDwDZDyDoV4FA0UxnKz400UhhwMs2rlcAfBzNXo%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 08533c02-11a3-4561-a632-6e81c125d60e
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:34 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 2
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-g6ppr
cf-ray: 8e91aaaf2835747a-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 121ms
110ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2831317&pg=f343d88a-4182-4505-8642-501713775db0&lt=1732705773517&dt=1732705773517&at=1732705773914&ae=1&an=1

Requested by

Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
x-request-id: 556293ae-23b6-419d-8a3d-3503d10434f2
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ItZDYvOHPs1yTyudQQ4%2FrHD6J2xsZcgykBeOnrUs%2F%2BNiDyIABWgrB3f61p8cSmWPH85iEnOht43p8fApjKAy%2FcU0sKC5XEoYS3qe6IWV9GH4QJAnxEjz0JlwjgD5PKk%2B3hou1J0%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 556293ae-23b6-419d-8a3d-3503d10434f2
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:34 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-9cthp
cf-ray: 8e91aaaf2836747a-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 361ms
84ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: 6288fb55-86ef-4774-abb1-9c40cbc29519
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
Date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 6288fb55-86ef-4774-abb1-9c40cbc29519
Content-Type: image/gif
vary: origin, Accept-Encoding
Last-Modified: Wed, 27 Nov 2024 11:09:34 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-6w44x
x-envoy-upstream-service-time: 3
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8e91aab0ccd88dba-MIA
Accept-Ranges: bytes
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 362ms
86ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: d155d1c5-8392-49dc-b887-8f3049ec208a
access-control-expose-headers: X-Origin-Hublet
CF-Cache-Status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
Date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: d155d1c5-8392-49dc-b887-8f3049ec208a
Content-Type: image/gif
vary: origin, Accept-Encoding
Last-Modified: Wed, 27 Nov 2024 11:09:34 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
Cache-Control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-6w44x
x-envoy-upstream-service-time: 2
Connection: keep-alive
access-control-allow-credentials: false
CF-RAY: 8e91aab0cda65c81-MIA
Accept-Ranges: bytes
x-evy-trace-route-configuration: listener_https/all
Content-Length: 35
Server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 178 B
821 B 298ms
91ms XHR
application/json 2606:4700::6812:f46c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=2831317

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f46c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eff164ad39f311f3c538b3670d570a96424e18f76798999e4ff29153afb9fe1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HqnltixsHWToxyCDzhFYJmMRuG7vXIOneM2X85rSMzJlJGOCuFyILM4KSUOkLz9kGS8Fd6kxUalkRfBz4E24%2FuMgRwNE30vmpwqI5YHLd6vT4Tg00%2BwfdRSeY4UuGJAK%2FHfzomk1CmKjbnjo"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 70f6ea34-a3bb-46ff-bc27-532a97dea7d8
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8e91aab0cb468dd0-MIA
access-control-allow-origin: https://blog.eclecticiq.com
server: cloudflare

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
880 B 248ms
78ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: 048e510b-8da9-49bc-85bf-a037f51c3789
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 048e510b-8da9-49bc-85bf-a037f51c3789
content-type: image/gif
vary: origin
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-9hm9p
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8e91aab0cf71da23-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
960 B 196ms
86ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: 7aee9620-2a4a-46f3-8eb3-59dc3e6f7446
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 7aee9620-2a4a-46f3-8eb3-59dc3e6f7446
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Wed, 27 Nov 2024 11:09:34 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-97cpg
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8e91aab0fd934964-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 0995 0
0 203ms
64ms Document
text/html 151.101.44.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.eclecticiq.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.44.157 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105429
content-type: text/html; charset=utf-8
date: Wed, 27 Nov 2024 11:09:34 GMT
etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
last-modified: Mon, 11 Dec 2023 17:19:49 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-served-by: cache-iad-kiad7000164-IAD, cache-nyc-kteb1890034-NYC

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/6.26.0/ 319 KB
76 KB 48ms
46ms Script
application/javascript 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/otBannerSdk.js

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

972688e6f6c24d2b23019a796b19f90515ba5f4ff744747c072b79fa44de3432

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-md5: fFt4+LicLBj64XIOlrs8+w==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D999B41F891CAD
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 32465
expires: Thu, 28 Nov 2024 11:09:34 GMT
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/javascript
last-modified: Thu, 28 Oct 2021 01:41:55 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: a506df8f-301e-005a-6144-2f4d5b000000
cf-ray: 8e91aab0fd3c2888-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 77724
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 281 KB
97 KB 109ms
108ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-961512488

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7d4a41692cbc80dd2c2fb23e80bc4fb288633fe873117f8e4c6982d53c03e98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Wed, 27 Nov 2024 11:09:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 27 Nov 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 99379
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 281 KB
97 KB 88ms
87ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-961512488&l=dataLayer&cx=c&gtm=45He4bk0v71624837za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MC7MVC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

155c64ff00132648d31b6509459a8ce61f7f2177acfc66ccb405b4fa2a0d4ae7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Wed, 27 Nov 2024 11:09:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 27 Nov 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 99441
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
981 B 215ms
64ms Script
application/javascript 2600:141b:b000::173b:fbd0
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:b000::173b:fbd0 Newark, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

3628be465ec3d28413b23bd425c36d30ab28016eb5f6d2f702ca7f5ae883e93f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cache-control: max-age=47690
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 771
date: Wed, 27 Nov 2024 11:09:34 GMT
last-modified: Tue, 26 Nov 2024 13:42:29 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/38cab95c-edac-4b6f-a53c-210ba3e72130/8e2e1326-a9d1-4201-b263-f311e5d2483e/ 74 KB
15 KB 56ms
56ms Fetch
application/x-javascript 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/38cab95c-edac-4b6f-a53c-210ba3e72130/8e2e1326-a9d1-4201-b263-f311e5d2483e/en.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79e594b795aa469ff099614a023b90f72ef1672cb41aa57bcc4c653466584029

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-md5: 8Fe1xEHCPp/7TqAzOcSnlA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status: unlocked
cf-cache-status: HIT
cf-bgj: minify
age: 67471
x-ms-version: 2009-09-19
content-encoding: br
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/x-javascript
last-modified: Wed, 03 Nov 2021 15:47:24 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
x-ms-request-id: df5e0c8a-a01e-0058-3180-25f3e3000000
cf-ray: 8e91aab19ca46da7-MIA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 415 KB
131 KB 101ms
100ms Script
application/javascript 142.251.40.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-R78SQ447KS&l=dataLayer&cx=c&gtm=45He4bk0v71624837za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MC7MVC

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

b7204ef81502dc1279ad372bbae9b4388ee51713e15d395a0755ed3035f919bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Wed, 27 Nov 2024 11:09:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 134462
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 57 KB
16 KB 233ms
65ms Script
application/javascript 151.101.44.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MC7MVC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.44.157 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "4328e910de583ad53b3a7a76455af005+gzip+gzip"
accept-ranges: bytes
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15926
date: Wed, 27 Nov 2024 11:09:34 GMT
x-tw-cdn: FT
last-modified: Tue, 29 Oct 2024 01:22:31 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kiad7000145-IAD, cache-nyc-kteb1890024-NYC
x-amz-server-side-encryption: AES256

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 281 KB
97 KB 109ms
101ms Script
application/javascript 142.251.40.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-961512488&l=dataLayer&cx=c&gtm=45He4bk0v71624837za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MC7MVC

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

5eaf48ec337b83d60446bc14f263c5dead397af877dcbf49266f3860aa68f31d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Wed, 27 Nov 2024 11:09:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 27 Nov 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 99380
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 bat.js Show response
bat.bing.com/ 50 KB
15 KB 187ms
56ms Script
application/javascript 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MC7MVC

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "028e0691d20db1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3D49AEFD17984043970C9407D7828F7B Ref B: MIAEDGE1618 Ref C: 2024-11-27T11:09:34Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14570
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 22:47:44 GMT
vary: Accept-Encoding

GET
H2 200 hotjar-2950447.js Show response
static.hotjar.com/c/ 13 KB
6 KB 281ms
143ms Script
application/javascript 13.33.252.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2950447.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MC7MVC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.252.108 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-252-108.jfk50.r.cloudfront.net

Software

Resource Hash

ca47687fdd9bebfb8b267acff8ba13b36a39cd0daa13152a3fdab6805cdd86ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
content-encoding: br
etag: W/02ce8f71b56a94e5a2eab7c6a5923f8a
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-cache-hit: 1
via: 1.1 1282b072279a4ba99f5e6de99fc2819e.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amz-cf-id: s9KWtReKuFSlwBTcqiynaeqBI1beNvl6JjUjotaMLFMYqebUBbHOqQ==
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: JFK50-P10

GET
H2 200 2831317.js Show response
js.hs-scripts.com/ 2 KB
1 KB 130ms
43ms Script
application/javascript 2606:4700::6810:8cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/2831317.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MC7MVC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8cd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2792465de23b07c4a4a42bdaecfa564228d9f7d3d0a2aec9bb43b591d505c97

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
age: 1
x-content-type-options: nosniff
expires: Wed, 27 Nov 2024 11:11:04 GMT
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 530515e7-49d0-4f0f-8cb7-8c4928be0cce
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Wed, 27 Nov 2024 11:09:33 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8e91aab2cb79a4f4-MIA
accept-ranges: bytes
access-control-allow-origin: https://blog.eclecticiq.com
content-length: 677
server: cloudflare

GET
H2 200 matomo.js Show response
cdn.matomo.cloud/eclecticiq.matomo.cloud/ 135 KB
40 KB 236ms
73ms Script
application/javascript 2600:9000:24f0:1000:c:7d55:b3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.matomo.cloud/eclecticiq.matomo.cloud/matomo.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f0:1000:c:7d55:b3c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

371e99b1570fa00de0657d00a91fb4978de157493521be01c1ee094756e3ad54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: gzip
x-amz-version-id: dmvaeLUJrRD0nldom9Ka73s9IxL_vrqs
etag: W/"1e7a8d39740aec03690028dc19709450"
age: 17583
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: CDtsni5I_dKBrYvFWiyNn45q7mKWW0Mr_zDuluFoyCXgq4UnhG8WGA==
date: Wed, 27 Nov 2024 06:16:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 15 Oct 2024 23:53:20 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000
cache-control: max-age=691200
via: 1.1 f07e3fd03d3423bceb1c6083ab62cf8a.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P3
server: CloudFront

GET
H2 200 567qii4cnk Show response
www.clarity.ms/tag/ 1 KB
1 KB 367ms
240ms Script
application/x-javascript 2620:1ec:bdf::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/567qii4cnk
Requested by: Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 6c77b48d36e588f72ee41c56e387d123e32c087e2d7a400f583f599da6a5acc5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cache-control: no-cache, no-store
request-context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81
expires: -1
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 1057
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/x-javascript
x-azure-ref: 20241127T110934Z-17958fbc6d48xklbhC1MIA0g100000000wgg00000000gws4

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 83ms
78ms Script
application/x-javascript 31.13.80.12
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.80.12 Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-yyz1.fbcdn.net

Software

Resource Hash

527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-KU18ghSx' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-KU18ghSx' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=65, rtx=0, c=26, mss=1232, tbw=8355, tp=15, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: lwPbjUCC8Rmsh8X/wR7hPu/EBh6wxBUHobBAKYo3/pcZF6PNQhsxpA9z3MbHkXjvu+MnYzNgBL6PxCwPTwG73Q==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62107
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H/1.1 200
OK track.js Show response
serve.albacross.com/ 10 KB
4 KB 225ms
65ms Script
application/javascript 18.164.96.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://serve.albacross.com/track.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MC7MVC
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.96.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-96-5.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fff6b1e56bd4db74845bc382e5212749a310f4766677383bb24e93acc1233b4e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

Content-Encoding: gzip
ETag: W/"3c3d848b00c9b9e23c100e23e9d7eace"
Age: 115
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: lr5WEaKkQNF6fE1JcJ1vtUrcJofkF0YfW__GRn2L-VRwtpmn6hEvvQ==
Date: Wed, 27 Nov 2024 11:07:41 GMT
Content-Type: application/javascript
Vary: accept-encoding
Last-Modified: Wed, 11 Sep 2024 12:32:14 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=120
Connection: keep-alive
Via: 1.1 f8debc28b6c73eb3dc7540e2ac2f0e18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK50-P5
Server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 hotjar-3012951.js Show response
static.hotjar.com/c/ 13 KB
6 KB 282ms
148ms Script
application/javascript 13.33.252.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3012951.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.252.108 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-252-108.jfk50.r.cloudfront.net

Software

Resource Hash

faa5df63e7b22367b8ed72e5d99e4e53278069eefc1dc5e9f7fac8ac78bd3004

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
content-encoding: br
etag: W/d03a89a77ed14bd3971dd6dfcf480c5b
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-cache-hit: 1
via: 1.1 1282b072279a4ba99f5e6de99fc2819e.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amz-cf-id: AGFA5ufpa3Lix6YMQipEe2rb9yeftaS-TbZjgDZPSzINnp-XWykz2w==
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: JFK50-P10

GET
H2 200 otCenterRounded.json Show response
cookie-cdn.cookiepro.com/scripttemplates/6.26.0/assets/ 9 KB
3 KB 49ms
41ms Fetch
application/json 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/assets/otCenterRounded.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b26a37736a1c5a3e268b492a0b89a278c88208bdf6ea88543c0720c0317854c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-md5: Ies7VXL5Lz4YnYLz8UJcDQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D999B41902E18E
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 67470
expires: Thu, 28 Nov 2024 11:09:34 GMT
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/json
last-modified: Thu, 28 Oct 2021 01:41:44 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: b8b4619b-701e-0016-466a-75dd6b000000
cf-ray: 8e91aab24cf96da7-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2584
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otPcPanel.json Show response
cookie-cdn.cookiepro.com/scripttemplates/6.26.0/assets/v2/ 48 KB
12 KB 47ms
39ms Fetch
application/json 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/assets/v2/otPcPanel.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3348a27f0b6cdf7f66eaae26ee8930ebb6996fc4e45ebdbe7615e20ddb5c558

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-md5: t7nNd7q0+eQg2OcX8N08KA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D999B4198B8F54
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 67470
expires: Thu, 28 Nov 2024 11:09:34 GMT
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/json
last-modified: Thu, 28 Oct 2021 01:41:45 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 754c4517-701e-0064-5f5d-75da24000000
cf-ray: 8e91aab24cfa6da7-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11485
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/6.26.0/assets/ 20 KB
4 KB 48ms
42ms Fetch
text/css 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/assets/otCommonStyles.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2745239f7c61a76d5d456853ce195876099382f6ffc7ac42dad311541c1801c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-md5: Ye6OeZcNyuFoWog7CYs00A==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status: unlocked
cf-bgj: minify
cf-cache-status: HIT
x-ms-version: 2009-09-19
age: 67294
content-encoding: br
expires: Thu, 28 Nov 2024 11:09:34 GMT
cf-polished: origSize=20950
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: text/css
last-modified: Thu, 28 Oct 2021 01:42:05 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 6105b002-501e-002e-2266-cd79ab000000
cf-ray: 8e91aab24cfc6da7-MIA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 218ms
66ms Script
text/javascript 2607:f8b0:4006:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MC7MVC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: gzip
age: 2153
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Wed, 27 Nov 2024 12:33:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 10:33:41 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/961512488/ 5 KB
2 KB 223ms
84ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/961512488/?random=1732705774488&cv=11&fst=1732705774488&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z871624837za201&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&hn=www.googleadservices.com&frm=0&tiba=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-961512488&l=dataLayer&cx=c&gtm=45He4bk0v71624837za200

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

5c9e05b63198d6ecbed5ee7504f4c96a35c7b69cedc9a464b37956378999df9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2439
date: Wed, 27 Nov 2024 11:09:34 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 961512488
td.doubleclick.net/td/rul/ Frame E199 0
0 235ms
85ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/961512488?random=1732705774488&cv=11&fst=1732705774488&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z871624837za201&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&hn=www.googleadservices.com&frm=0&tiba=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-961512488&l=dataLayer&cx=c&gtm=45He4bk0v71624837za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Nov 2024 11:09:34 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4bj0/ Frame CFD0 0
0 205ms
62ms Document
text/html 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Fblog.eclecticiq.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-961512488&l=dataLayer&cx=c&gtm=45He4bk0v71624837za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 427502
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Fri, 22 Nov 2024 12:24:32 GMT
expires: Sat, 22 Nov 2025 12:24:32 GMT
last-modified: Tue, 19 Nov 2024 10:38:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
40 KB 65ms
65ms Script
text/javascript 2600:141b:b000::173b:fbd0
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:b000::173b:fbd0 Newark, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 41181
date: Wed, 27 Nov 2024 11:09:34 GMT
last-modified: Tue, 26 Nov 2024 13:49:02 GMT
content-type: text/javascript
x-amz-server-side-encryption: AES256

POST
H3 200 collect
www.google.com/ccm/ 0
0 210ms
81ms Ping
text/plain 172.217.165.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors&scrsrc=www.googletagmanager.com&frm=0&rnd=1728059260.1732705775&auid=1328429672.1732705775&npa=0&did=dZTQ1Zm&gdid=dZTQ1Zm&gtm=45be4bk0za200zb71624837&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&tft=1732705774601&tfd=2645&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-961512488
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.165.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s70-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/961512488/ 5 KB
2 KB 121ms
85ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/961512488/?random=1732705774580&cv=11&fst=1732705774580&bg=ffffff&guid=ON&async=1&gtm=45be4bk0za200zb71624837&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&hn=www.googleadservices.com&frm=0&tiba=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1328429672.1732705775&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-961512488

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

6ebd341b0dcba3267890177d9f36041bd04d2e32369069d0d5d8bec36af0305d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2469
date: Wed, 27 Nov 2024 11:09:34 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 961512488
td.doubleclick.net/td/rul/ Frame 6559 0
0 155ms
87ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/961512488?random=1732705774580&cv=11&fst=1732705774580&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bk0za200zb71624837&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&hn=www.googleadservices.com&frm=0&tiba=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1328429672.1732705775&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-961512488

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Nov 2024 11:09:34 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cta-loaded.js Show response
blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 106ms
101ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2831317&pg=e65cc8f4-762c-404c-9fab-eb19f6028e97&lt=1732705773467&dt=1732705773507&at=1732705773908&ae=1&an=1

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/otBannerSdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
x-request-id: 7468774c-b8ee-4f24-a352-dd43c2852e19
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mCQ%2Fgy7Po0TDEnsEgiePAEL2JcoBAFK11y6E1HHbp%2BeuxFrlpbP%2BcjFbx9oliy1XurqOwa8Rup%2FuyyaQJR%2FkidYIUZK7GN0qBeU7XKgZOC1Ncl6Z8n9%2BOPixOB4hmKsZxFzejDE%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 7468774c-b8ee-4f24-a352-dd43c2852e19
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:34 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-lnptw
cf-ray: 8e91aab3cbe7747a-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 103ms
100ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2831317&pg=e65cc8f4-762c-404c-9fab-eb19f6028e97&lt=1732705773467&dt=1732705773507&at=1732705773910&ae=1&an=1

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/otBannerSdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
x-request-id: 61125b58-dc7f-477c-bfcf-c957ea234ccf
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z36ZWmoUqjzW8eDqfmwrqaXkSEN4aWr%2FaAjf5ZMmHm7dIbKZ3JExOperLqjt464LjHyX6N5jT7OGiiHqeI7yHEbGsUhOxxBCn%2FcK4f6sPtcTO8i4vBjFoNhI%2BMLDLyPvp26Cm%2B0%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 61125b58-dc7f-477c-bfcf-c957ea234ccf
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:34 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-9hm9p
cf-ray: 8e91aab3dbec747a-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 120ms
116ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2831317&pg=4006acce-ccf0-486d-8b67-1f9721da1a65&lt=1732705773516&dt=1732705773516&at=1732705773911&ae=1&an=1

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/otBannerSdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
x-request-id: 52e85b55-c98a-4637-a322-60f42e4324ad
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gIOygz289ciz4sXXQ56LQqFicPUv%2FgPvgb8hEjKKpkVGYGpgleIWV%2B%2Bw1UynIKuV3e%2BuySRvzjloe73iEIHLZOKZDp7Mskg3E78r9wMXRNDhrFsyy%2Ffn%2FIyjoxldSIEsiUNXTAE%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 52e85b55-c98a-4637-a322-60f42e4324ad
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:34 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 5
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-p5nh4
cf-ray: 8e91aab3dbf2747a-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 94ms
92ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2831317&pg=c9479060-d14c-4615-a32b-0459a89d218c&lt=1732705773473&dt=1732705773550&at=1732705773912&ae=1&an=1

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/otBannerSdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
x-request-id: 15097913-f2fe-4744-8ad6-c1ffa6e4ff08
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2FMLTKHLreGTCOWh5eQjb8MaQWTMikhkRyAbPtAwa4S5fZj9WcQhepKvIaCW5nn6hk99u0IpD5PKf2bH4sB4jzhpLC2GV3rxUcr4%2FTSIC5CVGqKcr2HNmsPaScjwDT1GV9T5zuU%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 15097913-f2fe-4744-8ad6-c1ffa6e4ff08
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:34 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-g6ppr
cf-ray: 8e91aab3dbf8747a-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 99ms
94ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2831317&pg=c9479060-d14c-4615-a32b-0459a89d218c&lt=1732705773473&dt=1732705773550&at=1732705773913&ae=1&an=1

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/otBannerSdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
x-request-id: 773977ca-6248-41d2-8f08-5fa0ef285b4b
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZiV15ctXDfEY50b8%2B1f9pcDhJjFjyFjsznulGIeJlrisOhDEuNAimKDJaM%2FQ3eAdfLkuWAfGDP8henJem3qpZrmpw4HxRWUex9BkIv8DRfEVQX5tKibAkD5LJ9hq1s3nMr56czg%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 773977ca-6248-41d2-8f08-5fa0ef285b4b
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:34 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 4
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-9hm9p
cf-ray: 8e91aab3ebfd747a-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 119ms
115ms Script
application/javascript 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2831317&pg=f343d88a-4182-4505-8642-501713775db0&lt=1732705773517&dt=1732705773517&at=1732705773914&ae=1&an=1

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.26.0/otBannerSdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: noindex, follow
x-request-id: 490d7856-16cf-486c-b4e5-f2f898c97afe
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c%2FB1mUXWTMEGKqGGX1ZVvApgRawZZAt8sV90xaR83A8VjRneIy6LeL75DcqqaPMif5JHJzQD8wfzKV1l4mx01enKh%2BWNv%2BdwYza%2FMFl5Gso8GkyCSRXGJE2UqcaqbF8XD%2FpynEI%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:34 GMT
x-hubspot-correlation-id: 490d7856-16cf-486c-b4e5-f2f898c97afe
content-type: application/javascript;charset=utf-8
last-modified: Wed, 27 Nov 2024 11:09:34 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 2
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-lhrml
cf-ray: 8e91aab3ec02747a-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/961512488/ 5 KB
2 KB 82ms
81ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/961512488/?random=1732705774730&cv=11&fst=1732705774730&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z871624837za201&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&hn=www.googleadservices.com&frm=0&tiba=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1328429672.1732705775&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-961512488&l=dataLayer&cx=c&gtm=45He4bk0v71624837za200

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

1a56fd65905927a3fcf0274bd7b9e1f827c8132fa440280787be61f255868696

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2454
date: Wed, 27 Nov 2024 11:09:34 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 961512488
td.doubleclick.net/td/rul/ Frame DD14 0
0 109ms
95ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/961512488?random=1732705774730&cv=11&fst=1732705774730&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z871624837za201&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&hn=www.googleadservices.com&frm=0&tiba=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1328429672.1732705775&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-961512488&l=dataLayer&cx=c&gtm=45He4bk0v71624837za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Nov 2024 11:09:34 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 650549125923608 Show response
connect.facebook.net/signals/config/ 76 KB
15 KB 158ms
158ms Script
application/x-javascript 31.13.80.12
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/650549125923608?v=2.9.176&r=stable&domain=blog.eclecticiq.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.80.12 Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-yyz1.fbcdn.net

Software

Resource Hash

ab9e98a4b7e577fe3d71f1710f038e4e6e3b03064c56cf47f758b281be0be686

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-aKJeaZdJ' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-aKJeaZdJ' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=66, rtx=0, c=64, mss=1232, tbw=72627, tp=70, tpl=0, uplat=91, ullat=0
pragma: public
x-fb-debug: SuVx7Zzb+O+SmziGub8WPjL2M6eR49K4O++EkIWlx6EwQg1Q8xdcBHKZD3xZvcsc2dOT0BDNE/KJDkTnTq1jrg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 adsct
t.co/i/ 43 B
471 B 369ms
131ms Image
image/gif 162.159.140.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=c696abbd-8d84-4e1f-b768-945eb68e4657&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=92dac185-e507-4449-a7d3-e9e54770262c&tw_document_href=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o29j6&type=javascript&version=2.3.31

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

strict-transport-security: max-age=0
x-transaction-id: b4383ad55a4711f7
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 8845844a12b29526f8c7eb70594c23c73decdd8211c32be45e6e63c72e95f039
cf-cache-status: DYNAMIC
cf-ray: 8e91aab64c85b3dd-MIA
x-response-time: 76
content-length: 43
date: Wed, 27 Nov 2024 11:09:35 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_b

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
215 B 368ms
125ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=c696abbd-8d84-4e1f-b768-945eb68e4657&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=92dac185-e507-4449-a7d3-e9e54770262c&tw_document_href=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o29j6&type=javascript&version=2.3.31

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: 5cf85f80197ccc6e
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 696fe6f8fecab289e08cb58e0c3651af576841caaccf24670d51131b993d213a
x-response-time: 85
content-length: 43
date: Wed, 27 Nov 2024 11:09:34 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_b

GET
H2 200 adsct
t.co/i/ 43 B
630 B 363ms
127ms Image
image/gif 162.159.140.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=5076db02-6a3a-4814-a8e8-77cbbbb8904c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=92dac185-e507-4449-a7d3-e9e54770262c&tw_document_href=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o29j6&type=javascript&version=2.3.31

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

strict-transport-security: max-age=0
x-transaction-id: 1c1ada222355a276
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 668d799b814b088ac5254cd258caf4849bbe3b85adcfa9b26780d5c7a3cc3a74
cf-cache-status: DYNAMIC
cf-ray: 8e91aab64c86b3dd-MIA
x-response-time: 73
content-length: 43
date: Wed, 27 Nov 2024 11:09:35 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_b

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
391 B 288ms
46ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=5076db02-6a3a-4814-a8e8-77cbbbb8904c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=92dac185-e507-4449-a7d3-e9e54770262c&tw_document_href=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o29j6&type=javascript&version=2.3.31

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: 9555df358b9166c0
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 696fe6f8fecab289e08cb58e0c3651af576841caaccf24670d51131b993d213a
x-response-time: 7
content-length: 43
date: Wed, 27 Nov 2024 11:09:34 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_b

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
1002 B 389ms
153ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=39867&time=1732705774838&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: gzip
x-li-fabric: prod-lor1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
access-control-allow-methods: GET, OPTIONS
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
date: Wed, 27 Nov 2024 11:09:35 GMT
content-type: application/json
access-control-allow-headers: *
x-li-pop: afd-prod-lva1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-fs-uuid: 000627e30039b8b9c6c78183ac64c927
x-msedge-ref: Ref A: E5D8960778DB4C70974DF7D2CBC9EC47 Ref B: MIAEDGE1709 Ref C: 2024-11-27T11:09:35Z
x-restli-protocol-version: 1.0.0
x-li-uuid: AAYn4wA5uLnGx4GDrGTJJw==
access-control-allow-origin: *
x-li-source-fabric: prod-lva1

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39867&time=1732705774838&li_adsId=f5fc5fba-a6c9-40e3-99fc-962ba9f0d1c8&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39867&time=1732705774838&li_adsId=f5fc5fba-a6c9-40e3-99fc-962ba9f0d1c8&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39867%26time%3D1732705774838%26li_adsId%3Df5fc5fba-a6c9-40e3-99fc-962ba9f0d1c8%26...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39867&time=1732705774838&li_adsId=f5fc5fba-a6c9-40e3-99fc-962ba9f0d1c8&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39867&time=1732705774838&li_adsId=f5fc5fba-a6c9-40e3-99fc-962ba9f0d1c8&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor...

0
705 B

216ms
123ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39867&time=1732705774838&li_adsId=f5fc5fba-a6c9-40e3-99fc-962ba9f0d1c8&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&cookiesTest=true&liSync=true&e_ipv6=AQJq2ky6bpnT4QAAAZNtT_AMRbA0_zuU78JkzChk5xIvgT2AGRvJ8C6CiCcVZziqdim12g
Requested by: Host: blog.eclecticiq.com
URL: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-msedge-ref: Ref A: 38B6EB6117FD4A068F231327B2FFB272 Ref B: MIAEDGE1320 Ref C: 2024-11-27T11:09:35Z
x-li-fabric: prod-lor1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid: AAYn4wBFDKR8DY9QB0+CQQ==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Wed, 27 Nov 2024 11:09:35 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39867&time=1732705774838&li_adsId=f5fc5fba-a6c9-40e3-99fc-962ba9f0d1c8&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&cookiesTest=true&liSync=true&e_ipv6=AQJq2ky6bpnT4QAAAZNtT_AMRbA0_zuU78JkzChk5xIvgT2AGRvJ8C6CiCcVZziqdim12g
x-msedge-ref: Ref A: 75F76D6EFF1A47328AE00AD90F2FCD09 Ref B: MIAEDGE2911 Ref C: 2024-11-27T11:09:35Z
x-li-fabric: prod-lor1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid: AAYn4wBBc8NgoA7rjnKFgw==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Wed, 27 Nov 2024 11:09:35 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
565 B 339ms
101ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 9E108E2A851C46F08E445741B8FE2404 Ref B: MIAEDGE2911 Ref C: 2024-11-27T11:09:35Z
x-li-fabric: prod-ltx1
access-control-allow-credentials: true
x-li-uuid: AAYn4wA5ydtvS3mrG85bgw==
x-li-proto: http/2
access-control-allow-origin: https://blog.eclecticiq.com
x-cache: CONFIG_NOCACHE
date: Wed, 27 Nov 2024 11:09:35 GMT
vary: Origin

GET
H2 200 modules.86621fa4aeada5bcf025.js Show response
script.hotjar.com/ 222 KB
55 KB 294ms
72ms Script
application/javascript 18.164.96.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.86621fa4aeada5bcf025.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2950447.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.96.87 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-96-87.jfk50.r.cloudfront.net

Software

Resource Hash

feb5c0ee05ef970a3cf34bac95d465e96ccb3a3df353b3a641d9391c168e68ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
content-encoding: br
etag: "ff8702986a1c41356391628a5f5d6f03"
age: 593848
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: DGSlZikuDxgT_z3sRbcNamEGOZH1JnIjkSWn95zE6b_FhnwzPofc-A==
date: Wed, 20 Nov 2024 14:12:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 20 Nov 2024 14:11:55 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 b5fe18267507cb61755963d8928a60f4.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56243
x-amz-cf-pop: JFK50-P5

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
994 B 62ms
60ms Script
text/javascript 2607:f8b0:4006:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: br
age: 227
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
expires: Wed, 27 Nov 2024 12:05:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 11:05:47 GMT
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
content-length: 697
x-xss-protection: 0
server: sffe

GET
H3 200 /
www.google.com/pagead/1p-user-list/961512488/ 42 B
64 B 102ms
101ms Image
image/gif 172.217.165.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/961512488/?random=1732705774488&cv=11&fst=1732705200000&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z871624837za201&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&hn=www.googleadservices.com&frm=0&tiba=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dKtW4zQc9iLYMXw7aPfOwRkGrxTJqHw&random=4070497523&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.165.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s70-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 27 Nov 2024 11:09:35 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/961512488/ 42 B
64 B 111ms
110ms Image
image/gif 172.217.165.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/961512488/?random=1732705774580&cv=11&fst=1732705200000&bg=ffffff&guid=ON&async=1&gtm=45be4bk0za200zb71624837&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&hn=www.googleadservices.com&frm=0&tiba=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1328429672.1732705775&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dT9N2PL1V6Qn5IzrU0R0XHgLTQ186QA&random=3902415087&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.165.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s70-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 27 Nov 2024 11:09:35 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 199002342.js Show response
bat.bing.com/p/action/ 363 B
421 B 81ms
80ms Script
application/javascript 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/199002342.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E70C7A35826343E498866DCF7114B937 Ref B: MIAEDGE1618 Ref C: 2024-11-27T11:09:34Z
x-cache: CONFIG_NOCACHE
date: Wed, 27 Nov 2024 11:09:34 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

POST
H2 204 matomo.php
eclecticiq.matomo.cloud/ 0
177 B 522ms
213ms Ping
text/plain 3.126.133.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eclecticiq.matomo.cloud/matomo.php?action_name=blog.eclecticiq.com%2FFinancially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&idsite=1&rec=1&r=973174&h=1&m=9&s=34&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&_id=96aa1c5981cefcee&_idn=1&send_image=0&_refts=0&pv_id=MITNk3&fa_pv=1&fa_fp[0][fa_vid]=fCjbOF&fa_fp[0][fa_id]=hsForm_13931385-b411-4165-9e58-573322610620_6065&fa_fp[0][fa_fv]=1&fa_fp[1][fa_vid]=bsQmuW&fa_fp[1][fa_id]=hsForm_13931385-b411-4165-9e58-573322610620_9884&fa_fp[1][fa_fv]=1&pf_net=115&pf_srv=412&pf_tfr=40&pf_dm1=1206&uadata=%7B%22formFactors%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200

Requested by

Host: cdn.matomo.cloud
URL: https://cdn.matomo.cloud/eclecticiq.matomo.cloud/matomo.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.133.169 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-133-169.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

strict-transport-security: max-age=31536000
access-control-allow-origin: https://blog.eclecticiq.com
date: Wed, 27 Nov 2024 11:09:35 GMT
vary: X-Forwarded-Proto,User-Agent
server: Apache
access-control-allow-credentials: true

POST
H2 204 collect
analytics.google.com/g/ 0
0 246ms
73ms Fetch
text/plain 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-R78SQ447KS&gtm=45je4bk0v878467757z871624837za200zb71624837&_p=1732705773155&em=tv.1~em.DausOwoaeDFxwojCdOpD3-elETcdZ8LusRHTWE58rrA&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&gdid=dZTQ1Zm&cid=114135273.1732705775&ecid=1837735581&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1732705774&sct=1&seg=0&dl=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&dt=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&en=page_view&_fv=1&_ss=1&tfd=3073
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-R78SQ447KS&l=dataLayer&cx=c&gtm=45He4bk0v71624837za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://blog.eclecticiq.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 11:09:35 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
556 B 220ms
63ms Ping
text/plain 2607:f8b0:4004:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-R78SQ447KS&cid=114135273.1732705775&gtm=45je4bk0v878467757z871624837za200zb71624837&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-R78SQ447KS&l=dataLayer&cx=c&gtm=45He4bk0v71624837za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c09::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://blog.eclecticiq.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 11:09:35 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 7B04 0
0 103ms
77ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-R78SQ447KS&gacid=114135273.1732705775&gtm=45je4bk0v878467757z871624837za200zb71624837&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=914412513

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-R78SQ447KS&l=dataLayer&cx=c&gtm=45He4bk0v71624837za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 27 Nov 2024 11:09:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
analytics.google.com/g/ 0
0 247ms
76ms Fetch
text/plain 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-R78SQ447KS&gtm=45je4bk0v878467757z871624837za200zb71624837&_p=1732705773155&em=tv.1~em.DausOwoaeDFxwojCdOpD3-elETcdZ8LusRHTWE58rrA&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&gdid=dZTQ1Zm&cid=114135273.1732705775&ecid=1837735581&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&ec_mode=a&_eu=AAAC&_s=2&sid=1732705774&sct=1&seg=1&dl=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&dt=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&en=page_view&_et=3&tfd=3077
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-R78SQ447KS&l=dataLayer&cx=c&gtm=45He4bk0v71624837za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://blog.eclecticiq.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 11:09:35 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.56/ 66 KB
28 KB 96ms
59ms Script
application/javascript 2620:1ec:bdf::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.56/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/567qii4cnk
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: dc1da692990307185621fd661b7305e29d3a0a5ba0f0d998e5a1463a17c57044

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-azure-ref: 20241127T110935Z-17958fbc6d48xklbhC1MIA0g100000000wgg00000000gwtp
cache-control: public, max-age=86400
x-ms-version: 2018-03-28
content-encoding: br
etag: W/"0x8DD041B2B98F09E"
x-fd-int-roxy-purgeid: 79034942
x-ms-request-id: 6d9c5319-001e-0079-5d71-36d2ff000000
access-control-allow-origin: *
x-cache: TCP_HIT
date: Wed, 27 Nov 2024 11:09:35 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 13 Nov 2024 19:41:29 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/961512488/ 42 B
64 B 113ms
102ms Image
image/gif 172.217.165.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/961512488/?random=1732705774730&cv=11&fst=1732705200000&bg=ffffff&guid=ON&async=1&gtm=45be4bk0z871624837za201&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&hn=www.googleadservices.com&frm=0&tiba=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1328429672.1732705775&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dg9NfujYBEiEjSUwglCwSjFwIWPILow&random=3664712517&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.165.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s70-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Wed, 27 Nov 2024 11:09:35 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H3 200 collect Show response
www.google-analytics.com/j/ 3 B
26 B 101ms
94ms XHR
text/plain 172.217.165.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=881477930&t=pageview&_s=1&dl=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&ul=en-us&de=UTF-8&dt=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAAEAjAAAAACAAI~&jid=121424272&gjid=1272158826&cid=114135273.1732705775&tid=UA-49513487-1&_gid=655179666.1732705775&_r=1&_slc=1&gtm=45He4bk0n71MC7MVCv71624837za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=767628023

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.165.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lax30s03-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 11:09:35 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://blog.eclecticiq.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 162ms
67ms Image
text/plain 31.13.80.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=650549125923608&ev=PageView&dl=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&rl=&if=false&ts=1732705775088&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732705775076.921289862530267357&cs_est=true&ler=empty&cdl=API_unavailable&it=1732705774810&coo=false&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.80.36 Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-yyz1.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=73, rtx=0, c=23, mss=1232, tbw=4497, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Wed, 27 Nov 2024 11:09:35 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
196 B 256ms
163ms Image
image/png 31.13.80.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=650549125923608&ev=PageView&dl=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&rl=&if=false&ts=1732705775088&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732705775076.921289862530267357&cs_est=true&ler=empty&cdl=API_unavailable&it=1732705774810&coo=false&rqm=FGET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.80.36 Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-yyz1.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7441914639147364439"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 27 Nov 2024 11:09:35 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: 70B+Il8525lK79aHTJt9Ay5RjtRdUQIuT30fufu2A2+e2eEksoPy5tQxpBBC4VkPNTpsgQK+iEJFlKozRDHr6Q==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7441914639147364439", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=70, rtx=0, c=23, mss=1232, tbw=4865, tp=13, tpl=0, uplat=95, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 204 0
bat.bing.com/action/ 0
358 B 63ms
62ms Image
text/plain 2620:1ec:33::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=199002342&tm=gtm002&Ver=2&mid=e9df84f1-9a48-436f-b362-ec7a76728678&bo=1&sid=15c0da80acb011ef98ef9d91c401e628&vid=15c15b90acb011efb5294fb0b569a293&vids=1&msclkid=N&gtm_tag_source=1&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&p=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&r=&lt=1789&evt=pageLoad&sv=1&cdb=AQET&rn=180006

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5A3E4A821DA24C85AA20A6E53C2D71C4 Ref B: MIAEDGE1618 Ref C: 2024-11-27T11:09:35Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Wed, 27 Nov 2024 11:09:35 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
58 B 61ms
60ms Image
image/gif 172.217.165.142
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=881477930&t=event&ni=1&_s=2&dl=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&ul=en-us&de=UTF-8&dt=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Clarity&ea=1ucpktg&_u=aHBAAEAjAAAAACAAI~&jid=&gjid=&cid=114135273.1732705775&tid=UA-49513487-1&_gid=655179666.1732705775&gtm=45He4bk0n71MC7MVCv71624837za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cd12=https%3A%2F%2Fclarity.microsoft.com%2Fga%2F567qii4cnk%2Fjaxpdo%2F1ucpktg&z=1789115480

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.165.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lax30s03-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

age: 38957
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 00:20:18 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

GET
H3 200 collect
www.google-analytics.com/ 35 B
58 B 61ms
60ms Image
image/gif 172.217.165.142
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=881477930&t=event&ni=1&_s=3&dl=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&ul=en-us&de=UTF-8&dt=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Clarity&ea=1ucpktg&_u=aHBAAEAjAAAAACAAI~&jid=&gjid=&cid=114135273.1732705775&tid=UA-49513487-1&_gid=655179666.1732705775&gtm=45He4bk0n71MC7MVCv71624837za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855~102081485&cd12=https%3A%2F%2Fclarity.microsoft.com%2Fga%2F567qii4cnk%2Fjaxpdo%2F1ucpktg&z=1869430674

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.165.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lax30s03-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

age: 38957
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 27 Nov 2024 00:20:18 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
283 B 236ms
74ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.56/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
Access-Control-Allow-Origin: https://blog.eclecticiq.com
Date: Wed, 27 Nov 2024 11:09:35 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
283 B 229ms
164ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.56/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
Access-Control-Allow-Origin: https://blog.eclecticiq.com
Date: Wed, 27 Nov 2024 11:09:35 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
476 B 112ms
101ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=2831317&pi=183055953041&ct=blog-post&ccu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors&cpi=183055953041&cgi=5888282128&lpi=183055953041&lvi=183055953041&lvc=en-us&pu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&t=Financially+Motivated+Threat+Actor+Leveraged+Google+Docs+and+Weebly+Services+to+Target+Telecom+and+Financial+Sectors&cts=1732705775940&vi=e64db938d4dff8040ff71710607749c2&nc=true&u=154846311.e64db938d4dff8040ff71710607749c2.1732705775921.1732705775921.1732705775921.1&b=154846311.1.1732705775921&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: f80e6de9-415b-42ad-b351-67d9f51b29e0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4sgK7%2BhlYjJRwK0UdHh6gM4%2FpWQSip5%2BhlUoEHZDtJ7s%2F2jBE0l6dm%2FezkRVYqLh8c5ZjAJwcPkpeJ2vKa0q%2FwAT7Yoj4f0vaw%2B%2BXc74fK5xuKwC89GHzXZ9%2F1iWKOdCVoDUvcyGYHj%2FhPjmal4W"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 27 Nov 2024 11:09:36 GMT
x-hubspot-correlation-id: f80e6de9-415b-42ad-b351-67d9f51b29e0
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-p98g6
x-envoy-upstream-service-time: 7
access-control-allow-credentials: false
cf-ray: 8e91aabbd9130a22-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
647 B 127ms
83ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: 22fe8e84-d70a-4bb7-9c97-68892fe6f185
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Wed, 27 Nov 2024 11:09:36 GMT
x-hubspot-correlation-id: 22fe8e84-d70a-4bb7-9c97-68892fe6f185
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Wed, 27 Nov 2024 11:09:36 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-wwjgh
x-envoy-upstream-service-time: 1
access-control-allow-credentials: false
cf-ray: 8e91aabc1a09da8b-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
505 B 102ms
97ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22e65cc8f4-762c-404c-9fab-eb19f6028e97%22%2C%22d4e94273-b145-40a7-b7a2-5e86565080d2%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=2831317&pi=183055953041&ct=blog-post&ccu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors&cpi=183055953041&cgi=5888282128&lpi=183055953041&lvi=183055953041&lvc=en-us&pu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&t=Financially+Motivated+Threat+Actor+Leveraged+Google+Docs+and+Weebly+Services+to+Target+Telecom+and+Financial+Sectors&cts=1732705775949&vi=e64db938d4dff8040ff71710607749c2&nc=true&u=154846311.e64db938d4dff8040ff71710607749c2.1732705775921.1732705775921.1732705775921.1&b=154846311.1.1732705775921&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: ce0062ed-b4ac-4600-b09e-7c718f3e80de
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kcOuOlmraVvYiyoFHS78sbW7TMe86WnOj8X%2FijbmOlZJdDsSyGjY%2BXCSHzeFCteDe8iy7exFqh8UV6l9iKPvDun8OWe082%2F7yX6%2B23W%2BG3JQA3vUktQqXO%2Fw4MWSutKuJO%2Fkv015f3D%2BpIOjXXkq"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 27 Nov 2024 11:09:36 GMT
x-hubspot-correlation-id: ce0062ed-b4ac-4600-b09e-7c718f3e80de
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-nc9kd
x-envoy-upstream-service-time: 8
access-control-allow-credentials: false
cf-ray: 8e91aabbd9200a22-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
452 B 109ms
105ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%224006acce-ccf0-486d-8b67-1f9721da1a65%22%2C%22061f7af0-2646-44c4-830d-aba5cda9af98%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=2831317&pi=183055953041&ct=blog-post&ccu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors&cpi=183055953041&cgi=5888282128&lpi=183055953041&lvi=183055953041&lvc=en-us&pu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&t=Financially+Motivated+Threat+Actor+Leveraged+Google+Docs+and+Weebly+Services+to+Target+Telecom+and+Financial+Sectors&cts=1732705775950&vi=e64db938d4dff8040ff71710607749c2&nc=true&u=154846311.e64db938d4dff8040ff71710607749c2.1732705775921.1732705775921.1732705775921.1&b=154846311.1.1732705775921&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: 8dd45279-c71c-4626-8679-cf6ac1b2a288
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Og9H6%2Fkse5bVkzIJY9kDc1ELZET%2FeTqxTouLs%2FSIZJAtnWr7bAkpqDnSei3XLnfbyM550D93CkNOt7cPdRawBKclsYSA59xGW8ScU3iNtQ%2Fyqunf9mv%2BoXA3tdsvZa4HauQ0kliBwVgynnEs6Qdw"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 27 Nov 2024 11:09:36 GMT
x-hubspot-correlation-id: 8dd45279-c71c-4626-8679-cf6ac1b2a288
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-nvspw
x-envoy-upstream-service-time: 7
access-control-allow-credentials: false
cf-ray: 8e91aabbd9250a22-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
503 B 104ms
100ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22c9479060-d14c-4615-a32b-0459a89d218c%22%2C%22b43f0302-bbc2-44e3-b9ae-88fae07872ef%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=2831317&pi=183055953041&ct=blog-post&ccu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors&cpi=183055953041&cgi=5888282128&lpi=183055953041&lvi=183055953041&lvc=en-us&pu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&t=Financially+Motivated+Threat+Actor+Leveraged+Google+Docs+and+Weebly+Services+to+Target+Telecom+and+Financial+Sectors&cts=1732705775950&vi=e64db938d4dff8040ff71710607749c2&nc=true&u=154846311.e64db938d4dff8040ff71710607749c2.1732705775921.1732705775921.1732705775921.1&b=154846311.1.1732705775921&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: e8602944-a1c1-4fa7-9d18-57a8439b2902
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xVT8nm8Iqz%2F3FdakuXOmlJSVWD%2BDF%2BO0QcvoygIe4tYi9gehUg1cDJUeh36V26V%2BAtPQbzL%2Bxl2RW6MbTF9ZMoyqoPfjSF222oK6tpoIVI0FO0NpIx2lZy4ves%2BFfTvwj984tRThxu2omwAFrVaJ"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 27 Nov 2024 11:09:36 GMT
x-hubspot-correlation-id: e8602944-a1c1-4fa7-9d18-57a8439b2902
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-p2x5n
x-envoy-upstream-service-time: 7
access-control-allow-credentials: false
cf-ray: 8e91aabbd9290a22-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
657 B 110ms
106ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22f343d88a-4182-4505-8642-501713775db0%22%2C%22bff70bac-177a-42cd-93ca-6ef0ac21a74b%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=2831317&pi=183055953041&ct=blog-post&ccu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors&cpi=183055953041&cgi=5888282128&lpi=183055953041&lvi=183055953041&lvc=en-us&pu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&t=Financially+Motivated+Threat+Actor+Leveraged+Google+Docs+and+Weebly+Services+to+Target+Telecom+and+Financial+Sectors&cts=1732705775951&vi=e64db938d4dff8040ff71710607749c2&nc=true&u=154846311.e64db938d4dff8040ff71710607749c2.1732705775921.1732705775921.1732705775921.1&b=154846311.1.1732705775921&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: ad74cd50-1662-41b8-a4b5-7f77676d44ee
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ytVrpG9RcmwiIuW2CA%2BFe%2F%2BZidWajrbGE1pScP2RfCM4ps6aEy7oAMJ7OfvUvWYjMi7v6HRP1LEr4X%2FSa%2Bc5J7wHpFlVwfiIVLVc6fF%2BozeSDFEO2y%2BC6pZssPr5lG9whl2CCTcFxLX%2BxXGN7hYF"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 27 Nov 2024 11:09:36 GMT
x-hubspot-correlation-id: ad74cd50-1662-41b8-a4b5-7f77676d44ee
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-28bjt
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8e91aabbd92c0a22-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
621 B 104ms
101ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=13931385-b411-4165-9e58-573322610620&fci=5e3da00d-f799-47c0-81db-2ed5b0b1cd9e&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=2831317&pi=183055953041&ct=blog-post&ccu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors&cpi=183055953041&cgi=5888282128&lpi=183055953041&lvi=183055953041&lvc=en-us&pu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&t=Financially+Motivated+Threat+Actor+Leveraged+Google+Docs+and+Weebly+Services+to+Target+Telecom+and+Financial+Sectors&cts=1732705775951&vi=e64db938d4dff8040ff71710607749c2&nc=true&u=154846311.e64db938d4dff8040ff71710607749c2.1732705775921.1732705775921.1732705775921.1&b=154846311.1.1732705775921&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: a8aa2f22-d60b-402f-8806-b1565ca3f71e
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tGG%2FOVouesH9yNAtIRy29p17StNI%2FSxWzy7bXMyu9HFlPYVdOc7nE8%2Bg4zIXLewSRMXMPgC2zFwbQ14qT7ockx1R2zASBCbSlhLjTVHOmN8b4bAIph5pWbbrIxGMtZhro4JBtNFYGlANI8pT3Z9q"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 27 Nov 2024 11:09:36 GMT
x-hubspot-correlation-id: a8aa2f22-d60b-402f-8806-b1565ca3f71e
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-9fq2m
x-envoy-upstream-service-time: 7
access-control-allow-credentials: false
cf-ray: 8e91aabbd9320a22-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
469 B 88ms
86ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=13931385-b411-4165-9e58-573322610620&fci=ac6262ea-800b-4507-b8e8-b0bb5b183b00&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=2831317&pi=183055953041&ct=blog-post&ccu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors&cpi=183055953041&cgi=5888282128&lpi=183055953041&lvi=183055953041&lvc=en-us&pu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&t=Financially+Motivated+Threat+Actor+Leveraged+Google+Docs+and+Weebly+Services+to+Target+Telecom+and+Financial+Sectors&cts=1732705775952&vi=e64db938d4dff8040ff71710607749c2&nc=true&u=154846311.e64db938d4dff8040ff71710607749c2.1732705775921.1732705775921.1732705775921.1&b=154846311.1.1732705775921&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: 70e47d67-bc66-4933-998e-b4362ffeff8f
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tzWDBca6gB34q0tA3lZRwSBO3nt%2B6vH7UwBmCLPPg8oBWe6StiR7FcveWl%2FUgnvcY4qdDM7gwGGPiG6R6dGwx9ykpgadORZheiWXuZ2Q%2BgQqjTwnj6AyaW5KMfkWrNhPUc2cioL5d1ILpp9WBOu8"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 27 Nov 2024 11:09:36 GMT
x-hubspot-correlation-id: 70e47d67-bc66-4933-998e-b4362ffeff8f
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-7l5j6
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8e91aabc89c20a22-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=70ADC5E1A6CE4C0EA2B354604CBF8A3C&RedC=c.clarity.ms&MXFR=0752D8C2628E68FC037ACD86668E6622
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=70ADC5E1A6CE4C0EA2B354604CBF8A3C&MUID=2414205E32AB61C10ED1351A330C6067

42 B
441 B

53ms
52ms

Image
image/gif

20.110.205.119
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=70ADC5E1A6CE4C0EA2B354604CBF8A3C&MUID=2414205E32AB61C10ED1351A330C6067
Protocol: H2
Server: 20.110.205.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
etag: "8d3dafd6e71fdb1:0"
accept-ranges: bytes
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length: 42
date: Wed, 27 Nov 2024 11:09:35 GMT
content-type: image/gif
last-modified: Wed, 16 Oct 2024 16:24:13 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

Redirect headers

cache-control: private, no-cache, proxy-revalidate, no-store
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=70ADC5E1A6CE4C0EA2B354604CBF8A3C&MUID=2414205E32AB61C10ED1351A330C6067
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 02721B96D13149E8AAD1FBE1405786F7 Ref B: MIAEDGE1615 Ref C: 2024-11-27T11:09:36Z
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length: 0
date: Wed, 27 Nov 2024 11:09:35 GMT
x-powered-by: ASP.NET

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 17 KB
7 KB 100ms
97ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=2831317&utk=e64db938d4dff8040ff71710607749c2&__hstc=154846311.e64db938d4dff8040ff71710607749c2.1732705775921.1732705775921.1732705775921.1&__hssc=154846311.1.1732705775921&contentId=183055953041&currentUrl=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0905cb00c64732ad0e3b645627d4227781a31f83a1d32c128684e5ed6b8a0e93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: bb240cb5-2cf1-45eb-b5d2-72b00315e2d4
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tq7keMO%2Bnvx0p7Rz%2Fe%2BnqLtNtNFb6GzPbuYvJ5vechB49dVFq7N7Wos3%2BbDtlzm9RwXqlqW4oOApZQaYJIb0QXHxrbu3%2BHDAaJlsCxf9yD3Xdb0L8%2Fc%2Barjc9tgR2zI7FDScpu8rkU3C70uZB2hB"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Wed, 27 Nov 2024 11:09:36 GMT
x-hubspot-correlation-id: bb240cb5-2cf1-45eb-b5d2-72b00315e2d4
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-q5dzg
x-envoy-upstream-service-time: 23
access-control-allow-credentials: false
cf-ray: 8e91aabc1bcbdaad-MIA
access-control-allow-origin: https://blog.eclecticiq.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 favicon-32x32.png
blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/favicons/ 118 B
2 KB 66ms
65ms Other
image/webp 199.60.103.225
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.eclecticiq.com/hubfs/raw_assets/public/eclecticiq/assets/favicons/favicon-32x32.png

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.225 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f5ccd9ae20a324e60568a69993ab770b4912d11ebcdafa39c712427382046e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
cf-cache-status: HIT
etag: "c30b04ffbb9e96fd2988f2d4caf89d4c"
age: 1970917
cache-tag: F-47367553908,FD-47367553907,P-2831317,FLS-ALL
x-amz-version-id: V9BWE2c8Gsz1ueDLcBEYto8uqvohbiPk
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lktya6rZ1iWmU7QN1gYVBhRxRS8nfp32lhtMO5Cv1DfihklpxOEFAxZE8BoKZTQ1JWkipKS4C88mcZ4QUiU6WsDHHUPFhyjRZbHE%2BbsJ8Hc5vphXAuNq9RjBL89l6JAayZtGVa4%3D"}],"group":"cf-nel","max_age":604800}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=RpHhQc6hWN.NFhRmPpngoZUA08ZIAAyJc0c_qVLopH0-1732705776-1.0.1.1-JLeyjfFmmvh9CxJ4OshnJL4yYzOz2xS1MiIp0jIAEpZfgqqAkalO7.zEhOUWrk.jORad6Kq45MKAXhteqjONCoAuQYHwFpGRhztze6BR1raGwnWODbvu34zp0EVYGX.Wg3ucPMQ7RGddc6Y3m2LwO1y_5L.Fu2R6RW8ndsrQNHY"}],"group":"cf-csp-endpoint","max_age":86400}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: Nu9qY8jxYvn6nnRkZPWmJBz6epirPMAfEsAkw7_sfnVxelSJrPuZkA==
content-type: image/webp
content-disposition: inline; filename="favicon-32x32.webp"
last-modified: Tue, 18 May 2021 06:45:24 GMT
priority: u=1,i
x-amz-meta-index-tag: none
x-amz-replication-status: COMPLETED
edge-cache-tag: F-47367553908,FD-47367553907,P-2831317,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
server-timing: cfExtPri
x-amz-request-id: 9B772QPY012W9D23
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-47367553908,FD-47367553907,P-2831317,FLS-ALL
content-length: 118
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
cf-polished: origFmt=png, origSize=312
date: Wed, 27 Nov 2024 11:09:36 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: rWJMyKNxhhD63Y0ZXSFG2+xE+gMOHYmdbrk9vQnEp28oSacokrM2wSOQWZ3eEPbO1Wwvqfz+x7E=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=RpHhQc6hWN.NFhRmPpngoZUA08ZIAAyJc0c_qVLopH0-1732705776-1.0.1.1-JLeyjfFmmvh9CxJ4OshnJL4yYzOz2xS1MiIp0jIAEpZfgqqAkalO7.zEhOUWrk.jORad6Kq45MKAXhteqjONCoAuQYHwFpGRhztze6BR1raGwnWODbvu34zp0EVYGX.Wg3ucPMQ7RGddc6Y3m2LwO1y_5L.Fu2R6RW8ndsrQNHY; report-to cf-csp-endpoint
via: 1.1 2fe82b22dfffd878b4fbdc9a1d847330.cloudfront.net (CloudFront)
cf-ray: 8e91aabc2b0b747a-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1621320323525

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
522 B 91ms
89ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=aa75f443-8f4b-4bb6-a3d4-5bc6c43f9fbe&lfi=347125&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=2831317&pi=183055953041&ct=blog-post&ccu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors&cpi=183055953041&cgi=5888282128&lpi=183055953041&lvi=183055953041&lvc=en-us&pu=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&t=Financially+Motivated+Threat+Actor+Leveraged+Google+Docs+and+Weebly+Services+to+Target+Telecom+and+Financial+Sectors&cts=1732705776105&vi=e64db938d4dff8040ff71710607749c2&nc=true&u=154846311.e64db938d4dff8040ff71710607749c2.1732705775921.1732705775921.1732705775921.1&b=154846311.1.1732705775921&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

x-robots-tag: none
x-request-id: 99742b3b-e13f-4e33-8bc7-451714e59570
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xr4KZ%2Bgh%2F1u%2FOOB3ezJCAQT1np2YU969AkXA1JsfwF8bmZ1rW%2FTMnpivx0aRJYZeT1P7iowHOTjifLtmdYOFiQ6qhAK%2FLUv4JCmPOvaxItHy2Q0HCzGkFFwHAOpy4gPBpAfXZQVYjcW3D9279elF"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 27 Nov 2024 11:09:36 GMT
x-hubspot-correlation-id: 99742b3b-e13f-4e33-8bc7-451714e59570
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-sg9kj
x-envoy-upstream-service-time: 7
access-control-allow-credentials: false
cf-ray: 8e91aabcc9e00a22-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
283 B 71ms
69ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.56/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
Access-Control-Allow-Origin: https://blog.eclecticiq.com
Date: Wed, 27 Nov 2024 11:09:37 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 e.gif
new-collect.albacross.com/ 37 B
103 B 450ms
142ms Image
image/gif 108.128.9.227
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://new-collect.albacross.com/e.gif?s=JSCollector%2C3.1.3&e0=pageview&ci0=7e89c325-5467-82e0-7b58-23445869dbd9&v0=042608e3-7c63-8904-9f4b-2fb190e65d2c&p0=249b226a-fcdb-6426-0d78-974e45be5b81&u0=249b226a-fcdb-6426-0d78-974e45be5b81&c0=89698850&t0=1732705774816&ur0=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&ti0=Financially%20Motivated%20Threat%20Actor%20Leveraged%20Google%20Docs%20and%20Weebly%20Services%20to%20Target%20Telecom%20and%20Financial%20Sectors&re0=1600&re0=1200&o0=landscape-primary
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.9.227 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-9-227.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 49059d42ad3423fb9f04b2330cdce035e4d555aa9ea7a7ceae097de0c69be05d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

date: Wed, 27 Nov 2024 11:09:38 GMT
content-type: image/gif
content-length: 37

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
283 B 63ms
61ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.56/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/x-clarity-gzip
Referer: https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors?hss_channel=tw-2469058513

Response headers

Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
Access-Control-Allow-Origin: https://blog.eclecticiq.com
Date: Wed, 27 Nov 2024 11:09:40 GMT
Vary: Origin
Server: nginx
Connection: keep-alive
Access-Control-Allow-Credentials: true

Verdicts & Comments Add Verdict or Comment

111 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

48 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.blog.eclecticiq.com/	1970-01-21 01:18:27	Name: __cf_bm Value: y2pXh5oDVf99zsRYrpcufBgHI.hE9xFt0ZJPs5ZjMsA-1732705772-1.0.1.1-LTy.BzQlmLd8d.V5WbnM8w1K3WOADKMV6a58a0wNHlribZ9VP7_e9nWRZiIPcZzhDFPP1c.O3IPGFgeHjl8NTg
.blog.eclecticiq.com/	1969-12-31 23:59:59	Name: __cfruid Value: e1b1e50db0da60cfb7cb35c2104d4d3412332000-1732705772
.hubspot.com/	1970-01-21 01:18:27	Name: __cf_bm Value: EN3DDR1fgZCSDzog6rWk7yd32G9Q52Fc8Hrdmm83f_Y-1732705772-1.0.1.1-0YzrWqNa5Y_5mHadsE_RAvDr_a99mSiFcz_xQSxZgtJCLaNr7l.xvG4uzdK2EKclFYBeicUq6obfI5.rUg3ZAQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 8qwl2AGjj_xwwfoO.M5z7NvB5Y8fh1ofuUcFrjbXOUA-1732705772678-0.0.1.1-604800000
.go.eclecticiq.com/	1970-01-21 01:18:27	Name: __cf_bm Value: EjUU_Ievf1.StpZri22WXTI7G1g.OV4uETGUZkFtEPg-1732705773-1.0.1.1-bFsMGG6nfNBus9AwhETIbfuWIWdzOE1K.7uOGgOEj6zQq1h4t9cBSIJsYCNmkpNtKAVcS79tBvhdUSMmEalMjA
.go.eclecticiq.com/	1969-12-31 23:59:59	Name: __cfruid Value: 68f361a4a0447c99b459a84d03c9e4f9b5da05f8-1732705773
.hsforms.com/	1970-01-21 01:18:27	Name: __cf_bm Value: 1b5y9bVFEzLY.ZP7ibkjPN9.CPn9twjwlrtHdvR_Yjk-1732705774-1.0.1.1-gmViPaI.Xy4z.uMfMpf54iYvhkWAo2hTxMxv2S5UcNSvWRuz3Iu_SZuf0vlFPcaSKqZRyBPXk03DLaZgGbvNXQ
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: yvBWyQdUDpiUpoiDfkjVGFgMjciBla07OGmAkCylo_g-1732705774284-0.0.1.1-604800000
.eclecticiq.com/	1970-01-21 03:28:01	Name: _gcl_au Value: 1.1.1328429672.1732705775
.eclecticiq.com/	1970-01-21 10:04:01	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Nov+27+2024+01%3A09%3A34+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=6.26.0&isIABGlobal=false&hosts=&consentId=0707a0d4-3329-4d1b-9de3-12896443977f&interactionCount=0&landingPath=https%3A%2F%2Fblog.eclecticiq.com%2Ffinancially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors%3Fhss_channel%3Dtw-2469058513&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
www.clarity.ms/	1970-01-21 10:04:01	Name: CLID Value: 2772c543de8a4b80893d2c26c8bcfb32.20241127.20251127
blog.eclecticiq.com/	1970-01-21 10:04:01	Name: nQ_cookieId Value: 7e89c325-5467-82e0-7b58-23445869dbd9
blog.eclecticiq.com/	1970-01-21 01:18:27	Name: nQ_userVisitId Value: 042608e3-7c63-8904-9f4b-2fb190e65d2c
.doubleclick.net/	1970-01-21 10:54:25	Name: IDE Value: AHWqTUl9EkXvdUHWlt9x3eX-pVmv8y-HpiyFvU004SaNAc8LQpNehXI62HAAkG6d
.eclecticiq.com/	1970-01-21 01:19:52	Name: _gid Value: GA1.2.655179666.1732705775
.eclecticiq.com/	1970-01-21 10:44:20	Name: _pk_id.1.fcd7 Value: 96aa1c5981cefcee.1732705775.
.eclecticiq.com/	1970-01-21 01:18:27	Name: _pk_ses.1.fcd7 Value: 1
.eclecticiq.com/	1970-01-21 10:54:25	Name: _ga Value: GA1.1.114135273.1732705775
.eclecticiq.com/	1970-01-21 10:54:25	Name: _ga_R78SQ447KS Value: GS1.1.1732705774.1.1.1732705774.60.0.1837735581
.eclecticiq.com/	1970-01-21 01:18:25	Name: _gat_UA-49513487-1 Value: 1
.eclecticiq.com/	1970-01-21 03:28:01	Name: _fbp Value: fb.1.1732705775076.921289862530267357
.eclecticiq.com/	1970-01-21 01:19:52	Name: _uetsid Value: 15c0da80acb011ef98ef9d91c401e628
.eclecticiq.com/	1970-01-21 10:40:01	Name: _uetvid Value: 15c15b90acb011efb5294fb0b569a293
.bing.com/	1970-01-21 10:40:01	Name: MUID Value: 2414205E32AB61C10ED1351A330C6067
.bat.bing.com/	1970-01-21 01:28:30	Name: MR Value: 0
.eclecticiq.com/	1970-01-21 10:04:01	Name: _clck Value: jaxpdo%7C2%7Cfr8%7C0%7C1792
.twitter.com/	1970-01-21 10:54:25	Name: personalization_id Value: "v1_ETx/jESItjSGJpMAsA5ciQ=="
.t.co/	1970-01-21 10:54:25	Name: muc_ads Value: f977d8e6-8c0f-40e0-b283-a393835f546b
.t.co/	1970-01-21 01:18:27	Name: __cf_bm Value: sAGu71FwRjcLw9jVL50lDYKxgOgAXUergqUOW.v92WU-1732705775-1.0.1.1-oT5JyqAZW5O365wqlmJz6MUSt_oaRP9h4Sd2NP.xxEdmlcCpVbIA3dPAkXhErUF1sGEUY7TvZ3Q2XDYrfj3bNQ
.linkedin.com/	1970-01-21 03:28:01	Name: li_sugr Value: 97e05b12-e271-404f-86b9-f5ec8c958eec
.linkedin.com/	1970-01-21 10:04:01	Name: bcookie Value: "v=2&76b72b5b-5e72-4fcc-82a5-6fb8835ed7bf"
.linkedin.com/	1970-01-21 01:19:52	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2992:u=1:x=1:i=1732705775:t=1732792175:v=2:sig=AQFLwOyRIwu-u9BhK1Ag_fcdfCwuE-Dz"
.eclecticiq.com/	1970-01-21 10:04:01	Name: _hjSessionUser_2950447 Value: eyJpZCI6ImNiYWVjZDliLWU3OGUtNWI4My05YWM5LTI2MTRmOWJkZTcyOCIsImNyZWF0ZWQiOjE3MzI3MDU3NzUyOTMsImV4aXN0aW5nIjpmYWxzZX0=
.eclecticiq.com/	1970-01-21 01:18:27	Name: _hjSession_2950447 Value: eyJpZCI6IjBhNzhmMGQyLTZiM2UtNGNkNS05ODA0LWMyZWRiNDU4MGI2YyIsImMiOjE3MzI3MDU3NzUyOTQsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.linkedin.com/	1970-01-21 02:01:37	Name: UserMatchHistory Value: AQIlgESa-GsX7wAAAZNtT-8CBk9vuN2F0U426CZGK7d0kSBz2Q4OiipWsMceeKt0ObG9eMZvMVfBcA
.linkedin.com/	1970-01-21 02:01:37	Name: AnalyticsSyncHistory Value: AQKZ79e3VkVqQAAAAZNtT-8CAEGg3k5pO2d5kL3d_fI07vTvOYCM0Bb0Y1Rv00Yy9ZIiAFE_EulOnBRK4fDUUA
.eclecticiq.com/	1970-01-21 01:19:52	Name: _clsk Value: 1ucpktg%7C1732705775547%7C1%7C1%7Cw.clarity.ms%2Fcollect
.www.linkedin.com/	1970-01-21 10:04:01	Name: bscookie Value: "v=1&202411271109352866645e-36bc-40e3-8c6a-e5450665b863AQEozAUI4tlAgN0Fl3npkcsUNfVXJovn"
.eclecticiq.com/	1970-01-21 05:37:37	Name: __hstc Value: 154846311.e64db938d4dff8040ff71710607749c2.1732705775921.1732705775921.1732705775921.1
.eclecticiq.com/	1970-01-21 05:37:37	Name: hubspotutk Value: e64db938d4dff8040ff71710607749c2
.eclecticiq.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.eclecticiq.com/	1970-01-21 01:18:27	Name: __hssc Value: 154846311.1.1732705775921
.c.bing.com/	1970-01-21 01:28:30	Name: MR Value: 0
.c.bing.com/	1970-01-21 10:40:01	Name: SRM_B Value: 2414205E32AB61C10ED1351A330C6067
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 10:40:01	Name: MUID Value: 2414205E32AB61C10ED1351A330C6067
.c.clarity.ms/	1970-01-21 01:28:30	Name: MR Value: 0
.c.clarity.ms/	1970-01-21 01:18:26	Name: ANONCHK Value: 0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
analytics.twitter.com
api.hubapi.com
app.hubspot.com
bat.bing.com
blog.eclecticiq.com
c.bing.com
c.clarity.ms
cdn.jsdelivr.net
cdn.matomo.cloud
cloud.typography.com
connect.facebook.net
cookie-cdn.cookiepro.com
cta-service-cms2.hubspot.com
eclecticiq.matomo.cloud
forms-na1.hsforms.com
forms.hubspot.com
geolocation.onetrust.com
go.eclecticiq.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsleadflows.net
js.hubspot.com
new-collect.albacross.com
no-cache.hubspot.com
perf-na1.hsforms.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
script.hotjar.com
serve.albacross.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
td.doubleclick.net
track.hubspot.com
w.clarity.ms
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.linkedin.com
104.18.80.204
104.19.175.188
104.244.42.67
108.128.9.227
13.107.42.14
13.33.252.108
142.251.32.98
142.251.40.168
151.101.44.157
162.159.140.229
172.217.165.132
172.217.165.142
18.164.96.5
18.164.96.87
199.60.103.225
20.110.205.119
23.201.184.101
23.96.124.156
2600:141b:1c00:6::17df:d10d
2600:141b:b000::173b:fbd0
2600:9000:24f0:1000:c:7d55:b3c0:93a1
2606:4700:4400::6812:2089
2606:4700:4400::ac40:9310
2606:4700:4400::ac40:97a6
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:8cd1
2606:4700::6810:a0a8
2606:4700::6811:80ac
2606:4700::6812:8c11
2606:4700::6812:f46c
2606:4700::6813:afbc
2607:f8b0:4004:c09::9c
2607:f8b0:4006:809::200e
2607:f8b0:4006:821::2002
2607:f8b0:4006:821::2008
2607:f8b0:4006:823::200e
2620:1ec:21::14
2620:1ec:33::10
2620:1ec:bdf::40
2620:1ec:c11::237
2a04:4e42:400::485
3.126.133.169
31.13.80.12
31.13.80.36
001d4aa7663bdc60c02f6d8d2d0d7b319bb3e744c66d4451f1341661371a4d70
0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
065fb76b57bfaa2051dcc3ce27b70cbe7863f569a7c197852f85da7c74fadee9
0905cb00c64732ad0e3b645627d4227781a31f83a1d32c128684e5ed6b8a0e93
155c64ff00132648d31b6509459a8ce61f7f2177acfc66ccb405b4fa2a0d4ae7
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
19b8b7a969cd613a5f4af1598a649b33456bef5c22d09fe4a5c5459ab4fe50fb
1a56fd65905927a3fcf0274bd7b9e1f827c8132fa440280787be61f255868696
1a698c74490479a5416aa247d047f9b175ca375015e158d67d9a7c93bef0681b
1ad9293d02eba50c8367ace52a26d0d360f0ed671166174aebff35847ea86403
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
240b0b120cc07d49aaa956439c3e635ffc940d3260cfea4411e12a734c4a146b
27acae6830ad6680c38e4167348ce5f384bf68d7d9c9a581d95702fc17d97d2a
3628be465ec3d28413b23bd425c36d30ab28016eb5f6d2f702ca7f5ae883e93f
364f896afbcfd44d3713cbd2ec7392ebe1e6ac182324ad247f48fa46f3ba259c
371e99b1570fa00de0657d00a91fb4978de157493521be01c1ee094756e3ad54
400f7fabe28b89834e86df85044f49cef21301f0efc25027db3e5bbec38b855c
4234ee451b24731e732f45fbfe1d9974b85acd4d34a2d7698377e2ecee031d42
42840d2baced8fd75f9e674bdd73eab5bf48fb2ad0e97da029ec1b483eff6775
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
49059d42ad3423fb9f04b2330cdce035e4d555aa9ea7a7ceae097de0c69be05d
4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43
4fffa61ae5c243db53073b59404c859c4a00ef49df30e1f3b69e43f5c8133d77
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
555507a0fdbe203425308ae99f5a07f837c2afc38f890c1982bff23b2957c2ad
5c9e05b63198d6ecbed5ee7504f4c96a35c7b69cedc9a464b37956378999df9e
5eaf48ec337b83d60446bc14f263c5dead397af877dcbf49266f3860aa68f31d
66c4915b482a45c23cb7d724fb26c2b1e819affee8367f7015ece86e6fcd5732
6920b95f2b38b405f9932005eb14a44556c32fec22efb5d7a58e22f959a13282
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c77b48d36e588f72ee41c56e387d123e32c087e2d7a400f583f599da6a5acc5
6ebd341b0dcba3267890177d9f36041bd04d2e32369069d0d5d8bec36af0305d
6fe8bca03c3223a0b46131917c0f916680a3475dfc3ba9decae57af844ca07a7
71cfd0bf781e3f393bca283fc9d44777a2036985a4ffe9abedf14909e63a8aef
79e594b795aa469ff099614a023b90f72ef1672cb41aa57bcc4c653466584029
7a13ff7330c657decb943dd0475139300d2f0fbb8d9388a547e6b4feef0bd432
7d4a41692cbc80dd2c2fb23e80bc4fb288633fe873117f8e4c6982d53c03e98a
7da70cf9858a1863598948425a822a12498360801418089ac94192dd5d2598dd
7f5ccd9ae20a324e60568a69993ab770b4912d11ebcdafa39c712427382046e5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8895c8e73d7fc9ee9fe7ce2c05e320bf49e95d499c52d84ed9c0f87ecf54d2e0
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
900d34b958961d57587b55d5aad8f4f6a1a1ffcf46fa55bb59506896a7fe942c
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
94320c5de3563f14a2af3776e5a8f41f264bc7f7db0c7b29d50e94ebaa9c8e31
9477de29d0447d38174d46cb2179224bd29b96c7647b4d1d2417f8323e2b091d
972688e6f6c24d2b23019a796b19f90515ba5f4ff744747c072b79fa44de3432
98b071a446b6ef9771d185dab1377c585fc94620136b4a891a00bb17ae9ed980
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a3a728bee932cf14dc34bcc0cef03137ec497491c16a7c643565a5941f2399eb
a679b6e30841afeab4a056a3c9a8ca287c6b927fb88ed46b7668c0e4600d5c0e
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
ab9e98a4b7e577fe3d71f1710f038e4e6e3b03064c56cf47f758b281be0be686
abd96e35625aaa0d926661ee8fb009afb3df4cd14bd586090196ace4c7950d3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad21bce8da754cfbaa1408b31abf7526cb3850d821faf620913e5ec9c824f6b1
ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace
b26a37736a1c5a3e268b492a0b89a278c88208bdf6ea88543c0720c0317854c8
b7204ef81502dc1279ad372bbae9b4388ee51713e15d395a0755ed3035f919bd
c2792465de23b07c4a4a42bdaecfa564228d9f7d3d0a2aec9bb43b591d505c97
c2b5cac90427af9fad82e4adc4adcd9525413cef56e57acbb3453bded83ac0e8
ca47687fdd9bebfb8b267acff8ba13b36a39cd0daa13152a3fdab6805cdd86ba
cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522
d265ccf2f9b22e6af67a95bfa4af525f46f70a1ce86628f1270d1c47b5526f28
d3348a27f0b6cdf7f66eaae26ee8930ebb6996fc4e45ebdbe7615e20ddb5c558
d3e0f572f227807f514348819b583d34124fa7662a0bcd6241d827f9430c24e3
d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc1da692990307185621fd661b7305e29d3a0a5ba0f0d998e5a1463a17c57044
de0c45ec7d9e1c855d521f24dc5e3bfd081055b864b19f4ef65e9e6f6877da8c
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfbc6f14aa1ece087d34da8e25c9bc329b4a6d3757f87748ca4b5319c8a01d7f
e2821f9c6a3d6e1319b712d97545a182312d82e8fc0f8725e9e60dc10728de9c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff164ad39f311f3c538b3670d570a96424e18f76798999e4ff29153afb9fe1b
f2745239f7c61a76d5d456853ce195876099382f6ffc7ac42dad311541c1801c
fa8c44d6e0594921a365b69aa84bc6d026445b51b67a5c0d9afd369b663216f5
faa5df63e7b22367b8ed72e5d99e4e53278069eefc1dc5e9f7fac8ac78bd3004
fd4a801e15230cf2f68928e1d91f6608cbd2d3ae71a39cffed0a2a262d8aa821
feb5c0ee05ef970a3cf34bac95d465e96ccb3a3df353b3a641d9391c168e68ad
fff6b1e56bd4db74845bc382e5212749a310f4766677383bb24e93acc1233b4e

blog.eclecticiq.com Open in urlscan Pro 199.60.103.225 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

137 Requests

98 %HTTPS

53 %IPv6

29 Domains

50 Subdomains

44 IPs

5 Countries

1947 kBTransfer

5919 kBSize

48 Cookies

73 Outgoing links

Redirected requests

137 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.eclecticiq.com Open in urlscan Pro
199.60.103.225 Public Scan

Screenshot
Live screenshot

Full Image

137
Requests

98 %
HTTPS

53 %
IPv6

29
Domains

50
Subdomains

44
IPs

5
Countries

1947 kB
Transfer

5919 kB
Size

48
Cookies

137 HTTP transactions
4 data transactions