Submitted URL: https://info.silobreaker.com/e2t/sc2/MmZ-8yjP2lLW92yj776WlVC4W7mPLJB4NPvYzW3JtyMM5VBkfndBBD6x04
Effective URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6...
Submission: On October 31 via api from DE

Summary

This website contacted 41 IPs in 8 countries across 38 domains to perform 137 HTTP transactions. The main IP is 2a04:4e42:1b::740, located in Ascension Island and belongs to FASTLY, US. The main domain is www.forcepoint.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on January 24th 2020. Valid for: 2 years.
This is the only time www.forcepoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
66 forcepoint.com
www.forcepoint.com
analyticsssl.forcepoint.com
1 MB
9 linkedin.com
px.ads.linkedin.com
www.linkedin.com
5 KB
6 adroll.com
s.adroll.com
d.adroll.com
70 KB
6 visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com
102 KB
6 sharethis.com
ws.sharethis.com
l.sharethis.com
40 KB
5 theadex.com
dmp.theadex.com
16 KB
4 demdex.net
dpm.demdex.net
websenseinc.demdex.net
3 KB
3 facebook.com
www.facebook.com
457 B
3 facebook.net
connect.facebook.net
160 KB
3 twitter.com
platform.twitter.com
analytics.twitter.com
1 KB
3 google-analytics.com
www.google-analytics.com
19 KB
3 bizible.com
cdn.bizible.com
34 KB
3 tiqcdn.com
tags.tiqcdn.com
111 KB
2 nr-data.net
bam.nr-data.net
460 B
2 t.co
t.co
573 B
2 ads-twitter.com
static.ads-twitter.com
4 KB
2 driftt.com
js.driftt.com
45 KB
2 ubembed.com
6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com
assets.ubembed.com
163 KB
2 licdn.com
snap.licdn.com
3 KB
2 marketo.net
munchkin.marketo.net
6 KB
2 consensu.org
c.sharethis.mgr.consensu.org
d.adroll.mgr.consensu.org
137 B
2 adnxs.com
secure.adnxs.com
2 KB
2 googleapis.com
ajax.googleapis.com
92 KB
2 silobreaker.com
info.silobreaker.com
3 KB
1 newrelic.com
js-agent.newrelic.com
11 KB
1 nextroll.com
nextroll.com
2 KB
1 everesttech.net
cm.everesttech.net
554 B
1 mktoresp.com
018-nkf-008.mktoresp.com
311 B
1 bizibly.com
cdn.bizibly.com
202 B
1 google.de
www.google.de
106 B
1 google.com
www.google.com
253 B
1 doubleclick.net
stats.g.doubleclick.net
90 B
1 zoominfo.com
ws.zoominfo.com
723 B
1 googletagmanager.com
www.googletagmanager.com
37 KB
1 cloudfront.net
d5phz18u4wuww.cloudfront.net
56 KB
1 ml-api.io
attr.ml-api.io
484 B
1 ml-attr.com
s.ml-attr.com
283 B
1 cloudflare.com
cdnjs.cloudflare.com
2 KB
137 38
Domain Requested by
64 www.forcepoint.com 3 redirects info.silobreaker.com
www.forcepoint.com
connect.facebook.net
6 px.ads.linkedin.com 3 redirects www.forcepoint.com
6 dev.visualwebsiteoptimizer.com tags.tiqcdn.com
dev.visualwebsiteoptimizer.com
www.forcepoint.com
d5phz18u4wuww.cloudfront.net
5 dmp.theadex.com 1 redirects tags.tiqcdn.com
www.forcepoint.com
dmp.theadex.com
5 s.adroll.com 1 redirects tags.tiqcdn.com
www.forcepoint.com
s.adroll.com
4 ws.sharethis.com www.forcepoint.com
ws.sharethis.com
3 www.facebook.com www.forcepoint.com
3 www.linkedin.com 3 redirects
3 connect.facebook.net tags.tiqcdn.com
connect.facebook.net
3 www.google-analytics.com tags.tiqcdn.com
www.google-analytics.com
www.forcepoint.com
3 cdn.bizible.com tags.tiqcdn.com
www.forcepoint.com
cdn.bizible.com
3 dpm.demdex.net 1 redirects www.forcepoint.com
3 tags.tiqcdn.com www.forcepoint.com
tags.tiqcdn.com
2 bam.nr-data.net js-agent.newrelic.com
cdn.bizible.com
2 analytics.twitter.com platform.twitter.com
2 analyticsssl.forcepoint.com cdn.bizible.com
www.forcepoint.com
2 t.co www.forcepoint.com
2 static.ads-twitter.com www.forcepoint.com
tags.tiqcdn.com
2 js.driftt.com tags.tiqcdn.com
js.driftt.com
2 snap.licdn.com tags.tiqcdn.com
snap.licdn.com
2 munchkin.marketo.net tags.tiqcdn.com
www.forcepoint.com
2 l.sharethis.com ws.sharethis.com
www.forcepoint.com
2 secure.adnxs.com 2 redirects
2 ajax.googleapis.com www.forcepoint.com
2 info.silobreaker.com 1 redirects
1 js-agent.newrelic.com www.forcepoint.com
1 nextroll.com www.forcepoint.com
1 cm.everesttech.net 1 redirects
1 websenseinc.demdex.net tags.tiqcdn.com
1 018-nkf-008.mktoresp.com cdn.bizible.com
1 cdn.bizibly.com www.forcepoint.com
1 d.adroll.com www.forcepoint.com
1 d.adroll.mgr.consensu.org 1 redirects
1 assets.ubembed.com 6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com
1 www.google.de www.forcepoint.com
1 www.google.com www.forcepoint.com
1 stats.g.doubleclick.net www.google-analytics.com
1 ws.zoominfo.com tags.tiqcdn.com
1 www.googletagmanager.com tags.tiqcdn.com
1 platform.twitter.com 1 redirects
1 6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com tags.tiqcdn.com
1 c.sharethis.mgr.consensu.org ws.sharethis.com
1 d5phz18u4wuww.cloudfront.net tags.tiqcdn.com
1 attr.ml-api.io www.forcepoint.com
1 s.ml-attr.com 1 redirects
1 cdnjs.cloudflare.com www.forcepoint.com
137 46
Subject Issuer Validity Valid
info.silobreaker.com
Cloudflare Inc ECC CA-3
2020-06-30 -
2021-06-30
a year crt.sh
*.forcepoint.com
Sectigo RSA Organization Validation Secure Server CA
2020-01-24 -
2022-01-23
2 years crt.sh
upload.video.google.com
GTS CA 1O1
2020-10-06 -
2020-12-29
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-10-21 -
2021-10-20
a year crt.sh
*.tiqcdn.com
DigiCert SHA2 Secure Server CA
2020-03-16 -
2021-06-15
a year crt.sh
sharethis.com
Amazon
2020-08-17 -
2021-09-16
a year crt.sh
*.ml-api.io
Amazon
2020-02-06 -
2021-03-06
a year crt.sh
*.visualwebsiteoptimizer.com
Starfield Secure Certificate Authority - G2
2020-06-19 -
2022-07-06
2 years crt.sh
*.cloudfront.net
DigiCert Global CA G2
2020-05-26 -
2021-04-21
a year crt.sh
sharethis.mgr.consensu.org
Amazon
2020-05-05 -
2021-06-05
a year crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA
2018-01-09 -
2021-02-12
3 years crt.sh
io.bizible.com
DigiCert SHA2 Secure Server CA
2020-10-07 -
2021-11-08
a year crt.sh
*.google-analytics.com
GTS CA 1O1
2020-10-06 -
2020-12-29
3 months crt.sh
*.marketo.net
DigiCert SHA2 Secure Server CA
2020-03-14 -
2021-04-13
a year crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA
2019-04-01 -
2021-05-07
2 years crt.sh
z.ssl.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2020-09-02 -
2021-04-23
8 months crt.sh
drift.com
Amazon
2020-09-21 -
2021-10-23
a year crt.sh
ads-twitter.com
DigiCert SHA2 High Assurance Server CA
2020-08-14 -
2021-08-19
a year crt.sh
*.adroll.com
DigiCert SHA2 Secure Server CA
2020-01-29 -
2021-04-29
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2020-09-11 -
2020-12-10
3 months crt.sh
*.theadex.com
GeoTrust RSA CA 2018
2019-10-11 -
2021-10-10
2 years crt.sh
zoominfo.com
Cloudflare Inc ECC CA-3
2020-07-04 -
2021-07-04
a year crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA
2020-08-05 -
2021-02-05
6 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-10-06 -
2020-12-29
3 months crt.sh
www.google.com
GTS CA 1O1
2020-10-06 -
2020-12-29
3 months crt.sh
www.google.de
GTS CA 1O1
2020-10-06 -
2020-12-29
3 months crt.sh
assets.ubembed.com
Amazon
2020-04-04 -
2021-05-04
a year crt.sh
adroll.mgr.consensu.org
Amazon
2020-10-08 -
2021-11-07
a year crt.sh
t.co
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2021-03-02
a year crt.sh
*.mktoresp.com
DigiCert SHA2 Secure Server CA
2020-01-17 -
2022-01-21
2 years crt.sh
analyticsssl.forcepoint.com
DigiCert SHA2 High Assurance Server CA
2020-08-10 -
2021-11-17
a year crt.sh
nextroll.com
Let's Encrypt Authority X3
2020-09-20 -
2020-12-19
3 months crt.sh
f4.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2020-10-23 -
2021-05-07
6 months crt.sh
*.twitter.com
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2021-03-02
a year crt.sh
*.nr-data.net
DigiCert SHA2 Secure Server CA
2020-02-05 -
2022-02-08
2 years crt.sh

This page contains 6 frames:

Primary Page: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Frame ID: 2C7292CF1197792A9CD3340B7DA6F3D1
Requests: 154 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/portal-v2.html
Frame ID: D1EBA928C1D318B4C0D63237E79BFD8B
Requests: 1 HTTP requests in this frame

Frame: https://websenseinc.demdex.net/dest5.html?d_nsid=0
Frame ID: 90FEC178434BD2EC510C1B838606B6B3
Requests: 1 HTTP requests in this frame

Frame: https://dmp.theadex.com/r/506/3014/?c=4242187308272478158&adex_consent=1&adex_consent_origin=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&adex_consent_checked=1604145707
Frame ID: 045F7B0E778A9CDA34B64DC4EA778F32
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: 35699BB90D6AA6796D15E270ADC515F9
Requests: 1 HTTP requests in this frame

Frame: https://ws.sharethis.com/secure5x/index.html
Frame ID: 46F98D0BEE543DE31FD7A61DC5AC54F9
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /ubembed\.com/i

Overall confidence: 100%
Detected patterns
  • script /(?:a|s)\.adroll\.com/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /munchkin\.marketo\.net\/munchkin\.js/i

Overall confidence: 100%
Detected patterns
  • script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

Page Statistics

Requests: 137
HTTPS: 100 %
IPv6: 39 %
Domains: 38
Subdomains: 46
IPs: 41
Countries: 8
Transfer: 2478 kB
Size: 6273 kB
Cookies: 32

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://info.silobreaker.com/e2t/sc2/MmZ-8yjP2lLW92yj776WlVC4W7mPLJB4NPvYzW3JtyMM5VBkfndBBD6x04 Page URL
  2. https://info.silobreaker.com/events/public/v1/track/sc2/MmZ-8yjP2lLW92yj776WlVC4W7mPLJB4NPvYzW3JtyMM5VBkfndBBD6x04?_ud=80a03580-089a-4364-a68e-316ffe5eeede&_ch=p&_pr2=p&_pl=0&_lg=en-US&_dr=b&_ts=p HTTP 307
    https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID HTTP 302
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=1474304064923860060
Request Chain 88
  • https://www.forcepoint.com/ajax/eu-cookie-compliance/ HTTP 301
  • https://www.forcepoint.com/ajax/eu-cookie-compliance
Request Chain 96
  • https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8DC067C25245AFA80A490D4C%40AdobeOrg&d_nsid=0&ts=1604145707309 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8DC067C25245AFA80A490D4C%40AdobeOrg&d_nsid=0&ts=1604145707309
Request Chain 104
  • https://platform.twitter.com/oct.js HTTP 301
  • https://static.ads-twitter.com/oct.js
Request Chain 112
  • https://px.ads.linkedin.com/collect/?pid=2141257&fmt=gif&_rnd=0.5777810298254122 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Fpid%3D2141257%26fmt%3Dgif%26_rnd%3D0.5777810298254122%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect/?pid=2141257&fmt=gif&_rnd=0.5777810298254122&liSync=true
Request Chain 113
  • https://px.ads.linkedin.com/collect/?pid=1681282&fmt=gif&_rnd=0.6445979366817001 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Fpid%3D1681282%26fmt%3Dgif%26_rnd%3D0.6445979366817001%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect/?pid=1681282&fmt=gif&_rnd=0.6445979366817001&liSync=true
Request Chain 123
  • https://s.adroll.com/j/exp/2GRHXEZSJNFRTPMEC6ZM2B/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 125
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/2GRHXEZSJNFRTPMEC6ZM2B?_s=b903f87e13ba508c2bc003ce1460ca97&_b=2 HTTP 302
  • https://d.adroll.com/consent/check/2GRHXEZSJNFRTPMEC6ZM2B/?_s=b903f87e13ba508c2bc003ce1460ca97&_b=2
Request Chain 131
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=258729&time=1604145707441&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D258729%26time%3D1604145707441%26url%3Dhttps%253A%252F%252Fwww.forcepoint.com%252Fblog%252Fx-labs%252Fphishing-scam-attacking-brazil-pix-instant-payment%253F_hsmi%253D88974744%2526_hsenc%253Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=258729&time=1604145707441&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&liSync=true
Request Chain 137
  • https://dmp.theadex.com/trace.js?adex_consent=1 HTTP 303
  • https://dmp.theadex.com/trace.js?adex_consent=1&axd_sc=4242187308272478158
Request Chain 140
  • https://cm.everesttech.net/cm/dd?d_uuid=18344337633082910464400957634470870191 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=X51SKwAABoPWEi3-
Request Chain 144
  • https://www.forcepoint.com/js/forms2/css/forms2.css HTTP 301
  • https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css
Request Chain 145
  • https://www.forcepoint.com/js/forms2/css/forms2-theme-simple.css HTTP 301
  • https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css

137 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
MmZ-8yjP2lLW92yj776WlVC4W7mPLJB4NPvYzW3JtyMM5VBkfndBBD6x04
info.silobreaker.com/e2t/sc2/
7 KB
2 KB
Document
General
Full URL
https://info.silobreaker.com/e2t/sc2/MmZ-8yjP2lLW92yj776WlVC4W7mPLJB4NPvYzW3JtyMM5VBkfndBBD6x04
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., GB),
Reverse DNS
Software
cloudflare /
Resource Hash
d13d2b53b4c831de48ab2c643aa9e2b3f7cf5de0716c85ca24aa858a8c9d71df

Request headers

:method
GET
:authority
info.silobreaker.com
:scheme
https
:path
/e2t/sc2/MmZ-8yjP2lLW92yj776WlVC4W7mPLJB4NPvYzW3JtyMM5VBkfndBBD6x04
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Sat, 31 Oct 2020 12:01:44 GMT
content-type
text/html;charset=utf-8
set-cookie
__cfduid=dde2ee4f419d65de2eea923bf68ca3f8e1604145704; expires=Mon, 30-Nov-20 12:01:44 GMT; path=/; domain=.info.silobreaker.com; HttpOnly; SameSite=Lax __cfruid=df4501f55ff8230ceee1cd26dd724fc4b2ec9f51-1604145704; path=/; domain=.info.silobreaker.com; HttpOnly; Secure; SameSite=None
cf-ray
5ead391cfdd60c0d-AMS
vary
Accept-Encoding
cf-cache-status
MISS
access-control-allow-credentials
false
cf-request-id
062022061d00000c0d1828f000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy
no-referrer
server
cloudflare
content-encoding
br
Primary Request phishing-scam-attacking-brazil-pix-instant-payment
www.forcepoint.com/blog/x-labs/
Redirect Chain
  • https://info.silobreaker.com/events/public/v1/track/sc2/MmZ-8yjP2lLW92yj776WlVC4W7mPLJB4NPvYzW3JtyMM5VBkfndBBD6x04?_ud=80a03580-089a-4364-a68e-316ffe5eeede&_ch=p&_pr2=p&_pl=0&_lg=en-US&_dr=b&_ts=p
  • https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7...
90 KB
26 KB
Document
General
Full URL
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Requested by
Host: info.silobreaker.com
URL: https://info.silobreaker.com/e2t/sc2/MmZ-8yjP2lLW92yj776WlVC4W7mPLJB4NPvYzW3JtyMM5VBkfndBBD6x04
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
18dfd5ec32dd554315f38d3a26928fe8e29ee504b7a0388ac72e64577c60077b
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com 
attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net dmp.theadex.com tag.aumago.com google-analytics.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
www.forcepoint.com
:scheme
https
:path
/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Referer
https://info.silobreaker.com/e2t/sc2/MmZ-8yjP2lLW92yj776WlVC4W7mPLJB4NPvYzW3JtyMM5VBkfndBBD6x04

Response headers

status
200
cache-control
public, max-age=1800
content-encoding
gzip
content-language
en
content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com 
*.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net dmp.theadex.com tag.aumago.com google-analytics.com; report-uri /admin/config/system/seckit/csp-report
content-type
text/html; charset=utf-8
etag
W/"1604145705-0"
expires
Sun, 19 Nov 1978 05:00:00 GMT
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
last-modified
Sat, 31 Oct 2020 12:01:45 GMT
link
<https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment>; rel="canonical",<https://www.forcepoint.com/node/37140>; rel="shortlink"
server
nginx
strict-transport-security
max-age=18410000
x-content-type-options
nosniff
x-drupal-cache
MISS
x-frame-options
SAMEORIGIN
x-generator
Drupal 7 (http://drupal.org)
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6gnc5
x-styx-req-id
d8a66484-1b70-11eb-9003-0601e0c6002c
x-ua-compatible
IE=Edge,chrome=1
age
0 0 0 0 0 0 0
accept-ranges
bytes bytes bytes bytes bytes bytes bytes
via
1.1 varnish 1.1 varnish 1.1 varnish 1.1 varnish
date
Sat, 31 Oct 2020 12:01:46 GMT
x-served-by
cache-mdw17335-MDW, cache-mdw17350-MDW, cache-hhn4024-HHN, cache-hhn4070-HHN
x-cache
MISS, MISS, MISS, MISS
x-cache-hits
0, 0, 0, 0
x-timer
S1604145705.935285,VS0,VE1402
vary
Accept-Encoding, x-geo-country, Cookie, orig-host
content-length
23995

Redirect headers

status
307
date
Sat, 31 Oct 2020 12:01:44 GMT
location
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
cf-ray
5ead391d7ee40c0d-AMS
link
<https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts>; rel="canonical"
vary
Accept-Encoding
cf-cache-status
MISS
access-control-allow-credentials
false
cf-request-id
062022066e00000c0dde1bf000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy
no-referrer
x-robots-tag
none
server
cloudflare
Hoves_DemiBold.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/
71 KB
72 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_DemiBold.WOFF
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
95fa06fca5253dd4347dc57fc0cea541dc25d8fa30771904c1d00fa695603dbd
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Origin
https://www.forcepoint.com
Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"5f968d27-11d88"
age
396198, 396198
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-2mqj6
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
73096
x-served-by
cache-mdw17362-MDW, cache-mdw17361-MDW, cache-hhn4042-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 08:47:35 GMT
server
nginx
x-timer
S1604145706.359919,VS0,VE111
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes
x-styx-req-id
60f8e1d9-17d6-11eb-b605-56226c185009
x-cache-hits
66883, 0, 0, 0
Hoves_Medium.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/
70 KB
70 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_Medium.WOFF
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3a5e17dd26ebd37ea990a2591a24b1bf8da5bf6f42ddb185abcb5b14674a9bd
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Origin
https://www.forcepoint.com
Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"5f968d28-11710"
age
396198, 396198
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6gnc5
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
71440
x-served-by
cache-mdw17383-MDW, cache-mdw17341-MDW, cache-hhn4025-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 08:47:36 GMT
server
nginx
x-timer
S1604145706.360714,VS0,VE107
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes
x-styx-req-id
60fa7b49-17d6-11eb-b01e-0601e0c6002c
x-cache-hits
66326, 0, 0, 0
Hoves_Regular.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/
68 KB
68 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_Regular.WOFF
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e29d9249450c34c94e78ea24e50f48a0921d5403c584539c7f841a18952a12f7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Origin
https://www.forcepoint.com
Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"5f97157d-10ffc"
age
396198, 396198
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-2mqj6
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
69628
x-served-by
cache-mdw17349-MDW, cache-mdw17349-MDW, cache-hhn4065-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 18:29:17 GMT
server
nginx
x-timer
S1604145706.360701,VS0,VE107
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-styx-req-id
6102c747-17d6-11eb-b605-56226c185009
x-cache-hits
1, 0, 0, 0
Hoves_Italic.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/
74 KB
74 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_Italic.WOFF
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
152d33f581c1bd7b2a423e3e2fa1a2c34817751298e0829bc4154f9e04844baa
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Origin
https://www.forcepoint.com
Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"5f97157d-1265c"
age
396198, 396198
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-4g68v
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
75356
x-served-by
cache-mdw17363-MDW, cache-mdw17340-MDW, cache-hhn4028-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 18:29:17 GMT
server
nginx
x-timer
S1604145706.360685,VS0,VE111
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes
x-styx-req-id
60fc42cf-17d6-11eb-87e4-8e589cac6792
x-cache-hits
62851, 0, 0, 0
Hoves_Light.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/
69 KB
70 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_Light.WOFF
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8d840af08b18a0a99928ebbbb9a0b4263e08631c0177a3c74963c0e9056c3a21
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Origin
https://www.forcepoint.com
Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"5f9705dd-1158c"
age
396198, 396198, 396198
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-4g68v
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
71052
x-served-by
cache-mdw17327-MDW, cache-mdw17330-MDW, cache-hhn4065-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 17:22:37 GMT
server
nginx
x-timer
S1604145706.360670,VS0,VE109
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
60fc1531-17d6-11eb-87e4-8e589cac6792
x-cache-hits
66541, 0, 0, 0
Hoves_Light_Italic.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/
73 KB
73 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_Light_Italic.WOFF
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0cd76c0e7ab206f138acc0c00c8909b344ebeecd07986a950e1b7632eedca1cb
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Origin
https://www.forcepoint.com
Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"5f97157d-123d4"
age
396198, 396198
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-7wjkb
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
74708
x-served-by
cache-mdw17372-MDW, cache-mdw17360-MDW, cache-hhn4049-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 18:29:17 GMT
server
nginx
x-timer
S1604145706.360651,VS0,VE107
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-styx-req-id
6100a78e-17d6-11eb-a160-e6110f627779
x-cache-hits
62704, 0, 0, 0
Hoves_ExtraLight.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/
68 KB
68 KB
Font
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_ExtraLight.WOFF
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e52e36134236de5bc2ed14fae433aeb6c3e22964df2ee8645c05acbbbd80bec0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Origin
https://www.forcepoint.com
Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"5f9705dd-10f6c"
age
396198, 396198
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6gnc5
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
69484
x-served-by
cache-mdw17320-MDW, cache-mdw17368-MDW, cache-hhn4071-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 17:22:37 GMT
server
nginx
x-timer
S1604145706.360630,VS0,VE109
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
orig-host
content-type
font/woff
access-control-allow-origin
*
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
610066bd-17d6-11eb-b01e-0601e0c6002c
x-cache-hits
64731, 0, 0, 0
css_kShW4RPmRstZ3SpIC-ZvVGNFVAi0WEMuCnI0ZkYIaFw.css
www.forcepoint.com/sites/default/files/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/css/css_kShW4RPmRstZ3SpIC-ZvVGNFVAi0WEMuCnI0ZkYIaFw.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
912856e113e646cb59dd2a480be66f5463455408b458432e0a7234664608685c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f974660-1820"
age
396198, 396198, 396198
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6gnc5
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
2135
x-served-by
cache-mdw17362-MDW, cache-mdw17359-MDW, cache-hhn4063-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 21:57:52 GMT
server
nginx
x-timer
S1604145706.364719,VS0,VE107
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
text/css
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes, bytes
x-styx-req-id
60fad48e-17d6-11eb-b01e-0601e0c6002c
x-cache-hits
63017, 0, 0, 0
css_faNxbZlG8sYJ1IiqfFXoOTUUnOTNzg59gAMKpmO43D0.css
www.forcepoint.com/sites/default/files/css/
26 KB
6 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/css/css_faNxbZlG8sYJ1IiqfFXoOTUUnOTNzg59gAMKpmO43D0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7da3716d9946f2c609d488aa7c55e83935149ce4cdce0e7d80030aa663b8dc3d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f974660-68af"
age
396198, 396198
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-4g68v
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
5773
x-served-by
cache-mdw17381-MDW, cache-mdw17356-MDW, cache-hhn4026-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 21:57:52 GMT
server
nginx
x-timer
S1604145706.365308,VS0,VE108
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
text/css
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
60f50189-17d6-11eb-87e4-8e589cac6792
x-cache-hits
62790, 0, 0, 0
css_y115L5Knt9_PZomP6LVZexCl8E3ZuDyEhxFAHrwL1fY.css
www.forcepoint.com/sites/default/files/css/
10 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/css/css_y115L5Knt9_PZomP6LVZexCl8E3ZuDyEhxFAHrwL1fY.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cb5d792f92a7b7dfcf66898fe8b5597b10a5f04dd9b83c848711401ebc0bd5f6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f974661-2697"
age
396198, 396198
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-4g68v
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
2908
x-served-by
cache-mdw17370-MDW, cache-mdw17340-MDW, cache-hhn4021-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 21:57:53 GMT
server
nginx
x-timer
S1604145706.365271,VS0,VE108
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
text/css
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-styx-req-id
60fc7471-17d6-11eb-87e4-8e589cac6792
x-cache-hits
62739, 0, 0, 0
css_5mKCL5DqNGkDcKjfp6XAFnPoMyR8hINMUbZMPbq_WW0.css
www.forcepoint.com/sites/default/files/css/
13 KB
4 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/css/css_5mKCL5DqNGkDcKjfp6XAFnPoMyR8hINMUbZMPbq_WW0.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e662822f90ea34690370a8dfa7a5c01673e833247c84834c51b64c3dbabf596d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f974661-3426"
age
396165, 396165, 396165, 396165, 396165
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-ct4b7
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
3292
x-served-by
cache-mdw17372-MDW, cache-mdw17352-MDW, cache-hhn4028-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 21:57:53 GMT
server
nginx
x-timer
S1604145706.365256,VS0,VE110
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
text/css
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:59:01 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes
x-styx-req-id
74fd5a14-17d6-11eb-b22b-ae96c617c498
x-cache-hits
37092, 0, 0, 0
css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
www.forcepoint.com/sites/default/files/css/
2 MB
281 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5a1a1ccce193736380d92b310e6c721d7d727d3f5a7efca350606428827a489a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f9200d4-19047a"
age
396198, 396198, 396198
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6gnc5
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
286937
x-served-by
cache-mdw17339-MDW, cache-mdw17338-MDW, cache-hhn4042-HHN, cache-hhn4070-HHN
last-modified
Thu, 22 Oct 2020 21:59:48 GMT
server
nginx
x-timer
S1604145706.365234,VS0,VE110
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
text/css
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes, bytes
x-styx-req-id
60fbca7e-17d6-11eb-b01e-0601e0c6002c
x-cache-hits
2559, 0, 0, 0
modernizr-custom.js
www.forcepoint.com/sites/all/libraries/modernizr/
11 KB
5 KB
Script
General
Full URL
https://www.forcepoint.com/sites/all/libraries/modernizr/modernizr-custom.js?qitx08
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c0e0b9f64e6354a2677f8cc7b48c489b4fac6183a86dfedc0f52bb0cc17fce3a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f96569d-2a3d"
age
396200, 396200, 396200
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-7wjkb
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
4862
x-served-by
cache-mdw17349-MDW, cache-mdw17351-MDW, cache-hhn4025-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 04:54:53 GMT
server
nginx
x-timer
S1604145706.365219,VS0,VE110
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:26 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes
x-styx-req-id
601e51c8-17d6-11eb-a160-e6110f627779
x-cache-hits
65591, 0, 0, 0
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.2/
94 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 29 Oct 2020 21:38:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
138217
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33495
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 29 Oct 2021 21:38:09 GMT
js_38VWQ3jjQx0wRFj7gkntZr077GgJoGn5nv3v05IeLLo.js
www.forcepoint.com/sites/default/files/js/
39 KB
15 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_38VWQ3jjQx0wRFj7gkntZr077GgJoGn5nv3v05IeLLo.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
dfc5564378e3431d304458fb8249ed66bd3bec6809a069f99efdefd3921e2cba
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f974662-9a79"
age
396198, 396198, 396198
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-4g68v
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
14902
x-served-by
cache-mdw17331-MDW, cache-mdw17347-MDW, cache-hhn4021-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 21:57:54 GMT
server
nginx
x-timer
S1604145706.365179,VS0,VE111
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
6100d735-17d6-11eb-87e4-8e589cac6792
x-cache-hits
69014, 0, 0, 0
forms2.min.js
www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/
169 KB
67 KB
Script
General
Full URL
https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/forms2.min.js?qitx08
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a793b9a0507f90f79bb2f91d160962842e4b9aeb48e1475438cdae3717e3834e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f9705dc-2a548"
age
396200, 396200, 396200, 396200, 396200
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-4g68v
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
68073
x-served-by
cache-mdw17321-MDW, cache-mdw17321-MDW, cache-hhn4028-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 17:22:36 GMT
server
nginx
x-timer
S1604145706.365244,VS0,VE111
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:26 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes
x-styx-req-id
601f6a9a-17d6-11eb-87e4-8e589cac6792
x-cache-hits
3, 0, 0, 0
marketo_forms.js
www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/
11 KB
4 KB
Script
General
Full URL
https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/marketo_forms.js?qitx08
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
178c0cef22122f076e0bd80e16ed1cfbcf9bfe317b4c29f63e69fce067b93887
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f968d27-2ba1"
age
396200, 396200, 396200, 396200
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-ct4b7
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
3961
x-served-by
cache-mdw17366-MDW, cache-mdw17363-MDW, cache-hhn4032-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 08:47:35 GMT
server
nginx
x-timer
S1604145706.365143,VS0,VE116
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:26 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes
x-styx-req-id
601f7c94-17d6-11eb-b22b-ae96c617c498
x-cache-hits
69425, 0, 0, 0
munchkin.js
www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/
1 KB
1 KB
Script
General
Full URL
https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/munchkin.js?qitx08
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9483d84c3dbce2446506011035e4135b87b44657eed947acd345faa338521004
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f97157c-54b"
age
396200, 396200, 396200, 396200, 396200, 396200
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-2mqj6
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
788
x-served-by
cache-mdw17351-MDW, cache-mdw17347-MDW, cache-hhn4042-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 18:29:16 GMT
server
nginx
x-timer
S1604145706.365140,VS0,VE113
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:26 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes, bytes, bytes
x-styx-req-id
60209433-17d6-11eb-b605-56226c185009
x-cache-hits
69458, 0, 0, 0
jquery-ui.min.js
ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/
223 KB
59 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/jquery-ui.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
16089a42741acc5fd00ab17da92be9458e8f0029fd645f159e582a7ea0f52ec1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 26 Oct 2020 20:12:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
402575
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60637
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 26 Oct 2021 20:12:11 GMT
jquery.stickybits.min.js
cdnjs.cloudflare.com/ajax/libs/stickybits/3.6.7/
5 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/stickybits/3.6.7/jquery.stickybits.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bf02c9770b2f6cca2e8995e99c09c07ef6f970d78f11912f924056a3eaa44e3
Security Headers
Name Value
Strict-Transport-Security max-age=15780000

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:46 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
833713
x-via
cfworker/kv
status
200
content-length
1734
cf-request-id
0620220d7b00002bb962a74000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:16:28 GMT
server
cloudflare
etag
"5eb03fdc-1372"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=t94xABFcC7YUn4J0M%2FEhOzBU4DTX4sr%2BkSEe73tjDkgKfxVIlNVoYPPlpfhrjleBIQFtQblEiF50r8Az1J%2FXFgfcoHrRjzYhzG4yf4ljbNjv41M2nGC%2BqO8iU9x%2FSHNtaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5ead3928cec92bb9-FRA
expires
Thu, 21 Oct 2021 12:01:46 GMT
js_mMJvXJMDka1r1UQhghL_vo4efyAllmmTzPN1incU7Ro.js
www.forcepoint.com/sites/default/files/js/
63 KB
23 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_mMJvXJMDka1r1UQhghL_vo4efyAllmmTzPN1incU7Ro.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
98c26f5c930391ad6bd544218212ffbe8e1e7f2025966993ccf3758a7714ed1a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f975624-fc97"
age
392196, 392196, 392196, 392196, 392196
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-4g68v
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
23338
x-served-by
cache-mdw17332-MDW, cache-mdw17357-MDW, cache-hhn4062-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 23:05:08 GMT
server
nginx
x-timer
S1604145706.365134,VS0,VE111
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 23:05:10 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes
x-styx-req-id
b24d699d-17df-11eb-87e4-8e589cac6792
x-cache-hits
57492, 0, 0, 0
js_EzB6QYg0Tw5QIjuXXUXzevFv9vziFrfj-yJS0W5RRno.js
www.forcepoint.com/sites/default/files/js/
272 B
524 B
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_EzB6QYg0Tw5QIjuXXUXzevFv9vziFrfj-yJS0W5RRno.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
13307a4188344f0e50223b975d45f37af16ff6fce216b7e3fb2252d16e51467a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f974662-110"
age
396198, 396198, 396198, 396198
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-7wjkb
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
231
x-served-by
cache-mdw17350-MDW, cache-mdw17350-MDW, cache-hhn4054-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 21:57:54 GMT
server
nginx
x-timer
S1604145706.365113,VS0,VE109
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes
x-styx-req-id
61010221-17d6-11eb-a160-e6110f627779
x-cache-hits
5, 0, 0, 0
utag.sync.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
1 KB
798 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
7925a2e11bef48cf274fc980f2a5e3eb9a355a6e3c875a293f3d041f4d2757ce

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:46 GMT
content-encoding
gzip
last-modified
Fri, 30 Oct 2020 22:26:01 GMT
server
AkamaiNetStorage
etag
"77c1c27cfc21a547dd5a94c062eb149d:1604096761.366583"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=300
accept-ranges
bytes
content-length
572
expires
Sat, 31 Oct 2020 12:06:46 GMT
js_nRWJhQOkK2YuIyFM17gOpsF1hZbK6StRUJ1adS9xz2Y.js
www.forcepoint.com/sites/default/files/js/
21 KB
8 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_nRWJhQOkK2YuIyFM17gOpsF1hZbK6StRUJ1adS9xz2Y.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9d15898503a42b662e23214cd7b80ea6c1758596cae92b51509d5a752f71cf66
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f97466b-52e0"
age
89872, 89872
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-4g68v
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
7900
x-served-by
cache-mdw17357-MDW, cache-mdw17369-MDW, cache-hhn4053-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 21:58:03 GMT
server
nginx
x-timer
S1604145706.365097,VS0,VE109
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Sun, 31 Oct 2021 11:03:54 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-styx-req-id
998c8b90-1a9f-11eb-87e4-8e589cac6792
x-cache-hits
82, 0, 0, 0
js_jD8OmzLW3peUxYvgwfAf1ymkfU1Muh2j73NmuyglZKE.js
www.forcepoint.com/sites/default/files/js/
4 KB
2 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_jD8OmzLW3peUxYvgwfAf1ymkfU1Muh2j73NmuyglZKE.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8c3f0e9b32d6de9794c58be0c1f01fd729a47d4d4cba1da3ef7366bb282564a1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f84983b-10ad"
age
396185, 396185, 396185, 396185, 396185
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-7wjkb
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
1712
x-served-by
cache-mdw17336-MDW, cache-mdw17334-MDW, cache-hhn4028-HHN, cache-hhn4070-HHN
last-modified
Mon, 12 Oct 2020 17:54:03 GMT
server
nginx
x-timer
S1604145706.365572,VS0,VE108
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:41 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes
x-styx-req-id
690bc8c5-17d6-11eb-a160-e6110f627779
x-cache-hits
2929, 0, 0, 0
buttons.js
ws.sharethis.com/button/
58 KB
16 KB
Script
General
Full URL
https://ws.sharethis.com/button/buttons.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2093:1400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
8275ce62ba23473ad2cf760b9ac237a235261d5d38523c26d32ed4f48d4d2492

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 30 Oct 2020 14:27:52 GMT
content-encoding
gzip
server
nginx/1.16.1
age
77634
etag
W/"5f80b32e-e725"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
max-age=259200
x-amz-cf-pop
HAM50-C1
x-robots-tag
noindex, nofollow
x-amz-cf-id
L8D8MhYRovd6QROu8h3YfwqOsPqO2bqSbJJjYyYlL3pSSb02xYO_CQ==
via
1.1 6c314f9bc806736c483494e492792b33.cloudfront.net (CloudFront)
expires
Mon, 02 Nov 2020 14:27:52 GMT
js_3TmJ_qUXQcot-bnUMi2wLTeAmLXcyoNCoCCaeerfiTM.js
www.forcepoint.com/sites/default/files/js/
27 KB
8 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_3TmJ_qUXQcot-bnUMi2wLTeAmLXcyoNCoCCaeerfiTM.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
dd3989fea51741ca2df9b9d4322db02d378098b5dcca8342a0209a79eadf8933
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f974663-6d63"
age
396198, 396198
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-2mqj6
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
7970
x-served-by
cache-mdw17357-MDW, cache-mdw17368-MDW, cache-hhn4025-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 21:57:55 GMT
server
nginx
x-timer
S1604145706.365563,VS0,VE106
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
6100d78a-17d6-11eb-b605-56226c185009
x-cache-hits
62719, 0, 0, 0
js_FJP39RlZcyrYzsj0WyS8EXc2N_dMm_R6GiP2a0fVlbY.js
www.forcepoint.com/sites/default/files/js/
35 KB
12 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_FJP39RlZcyrYzsj0WyS8EXc2N_dMm_R6GiP2a0fVlbY.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1493f7f51959732ad8cec8f45b24bc11773637f74c9bf47a1a23f66b47d595b6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f7f39d8-8dd6"
age
396108, 396108, 396108, 396108
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6j5jb
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
12292
x-served-by
cache-mdw17344-MDW, cache-mdw17330-MDW, cache-hhn4053-HHN, cache-hhn4070-HHN
last-modified
Thu, 08 Oct 2020 16:10:00 GMT
server
nginx
x-timer
S1604145706.365528,VS0,VE109
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:59:57 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
966932e8-17d6-11eb-bd65-8a04a199118e
x-cache-hits
25295, 0, 0, 0
js_9q813eiJY8Vo0j6iY2enraFixYox7Dz1BFvn6oUALB8.js
www.forcepoint.com/sites/default/files/js/
3 KB
1 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_9q813eiJY8Vo0j6iY2enraFixYox7Dz1BFvn6oUALB8.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f6af35dde88963c568d23ea26367a7ada162c58a31ec3cf5045be7ea85002c1f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f84983b-a75"
age
396185, 396185, 396185
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-2mqj6
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
1018
x-served-by
cache-mdw17348-MDW, cache-mdw17321-MDW, cache-hhn4033-HHN, cache-hhn4070-HHN
last-modified
Mon, 12 Oct 2020 17:54:03 GMT
server
nginx
x-timer
S1604145706.365507,VS0,VE107
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:41 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-styx-req-id
690b7a9c-17d6-11eb-b605-56226c185009
x-cache-hits
2692, 0, 0, 0
forcepoint.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
2 KB
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/forcepoint.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f96c570-6ad"
age
396197, 396197
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-2mqj6
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
783
x-served-by
cache-mdw17347-MDW, cache-mdw17357-MDW, cache-hhn4049-HHN, cache-hhn4070-HHN
access-control-allow-origin
*
last-modified
Mon, 26 Oct 2020 12:47:44 GMT
server
nginx
x-timer
S1604145707.772166,VS0,VE110
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:29 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-styx-req-id
61b7d663-17d6-11eb-b605-56226c185009
x-cache-hits
64876, 0, 0, 0
why_fp_menu_image.jpg
www.forcepoint.com/sites/default/files/styles/menu_image/public/
13 KB
14 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/why_fp_menu_image.jpg?itok=7PZkDIzY
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5a3a0313429b22b8fd7b067a306c2733e73b8a1e038591f722ad524e9f60ab79
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"y1mjf0jHj5/8cr/KUpS5f44OJyHbzOR7xlO/5djNFzg"
age
1395693, 1395693
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6gnc5
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=15805 idim=396x395 ifmt=jpeg ofsz=13734 odim=396x395 ofmt=webp
status
200
fastly-stats
io=1
content-length
13734
x-served-by
cache-mdw17381-MDW, cache-mdw17364-MDW, cache-hhn4021-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.889892,VS0,VE6
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
3f9431f3-0ebf-11eb-b01e-0601e0c6002c
expires
Sat, 16 Oct 2021 08:20:13 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
0, 1, 89, 0
dup_2.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/
938 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/dup_2.png?itok=n_tCvBod
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9013ff56b3eb7dacea9886c26ddead020a8cd81822f40ead55df95b779941b14
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"Cg/hYh8EOhYRIuxSmJfuxz90saFRXEnbdrCuDE9MlzE"
age
2762210, 2762210
x-pantheon-styx-hostname
styx-fe3-a-857f974764-5dm8n
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=1737 idim=48x48 ifmt=png ofsz=938 odim=48x48 ofmt=webp
status
200
fastly-stats
io=1
content-length
938
x-served-by
cache-mdw17344-MDW, cache-mdw17335-MDW, cache-hhn4053-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.903323,VS0,VE5
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
94320a8f-0251-11eb-be7b-0ab2c53138bd
expires
Thu, 30 Sep 2021 12:44:56 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
0, 1, 86, 0
dup_3.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/
932 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/dup_3.png?itok=9kqBfQ6p
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
519be4598150ebd07de7df2af974a5928f956f617b4cecb376181f34bf7b1df6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"Co/FPfbd0r1kjwGJZCkhpbc1BNixTH3YoiDBKcCM74A"
age
2762049, 2762049
x-pantheon-styx-hostname
styx-fe3-a-857f974764-5dm8n
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=1738 idim=48x48 ifmt=png ofsz=932 odim=48x48 ofmt=webp
status
200
fastly-stats
io=1
content-length
932
x-served-by
cache-mdw17369-MDW, cache-mdw17340-MDW, cache-hhn4020-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.915945,VS0,VE6
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
f40d1d6a-0251-11eb-be7b-0ab2c53138bd
expires
Thu, 30 Sep 2021 12:47:37 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
0, 1, 86, 0
ddp.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/
788 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/ddp.png?itok=wITbcMhf
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
88a9f854838d4933c158c0b65f9e855992a05790931fdd5e588f637cb82d07c6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"dXjcIrBEEzC28GI2Loui2HixN4eNIAB0TKs71eri02A"
age
4315427, 4315427, 4315427
x-pantheon-styx-hostname
styx-fe3-a-857f974764-zpnn5
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=1645 idim=48x48 ifmt=png ofsz=788 odim=48x48 ofmt=webp
status
200
fastly-stats
io=1
content-length
788
x-served-by
cache-mdw17349-MDW, cache-mdw17324-MDW, cache-hhn4027-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.930135,VS0,VE5
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
36ca85a4-f431-11ea-a39b-5ad90953acbe
expires
Sun, 12 Sep 2021 13:17:59 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-cache-hits
0, 1, 7913, 0
ddp-positive.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/
924 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/ddp-positive.png?itok=VN8WgY8l
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3bf68fd8998873a2885f9a5e2baccf393024fa7ebb9e992aa260dfe542e1aea0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"Xvs4XcPwxa50ZBYesg38NG/X9lABMhkY/I4qnyLSvog"
age
4314575, 4314575, 4314575
x-pantheon-styx-hostname
styx-fe3-b-5f5d494784-sd7mq
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=1237 idim=48x48 ifmt=png ofsz=924 odim=48x48 ofmt=webp
status
200
fastly-stats
io=1
content-length
924
x-served-by
cache-mdw17378-MDW, cache-mdw17328-MDW, cache-hhn4035-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.943269,VS0,VE6
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
3293c086-f433-11ea-a099-824fe7a30f67
expires
Sun, 12 Sep 2021 13:32:11 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-cache-hits
0, 1, 84, 0
dep.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/
840 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/dep.png?itok=Pits8bG4
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7da0540e0b536da199335da765f4aa358878f41b295d64fea84e1ee7ae5c73ca
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"pdavfN5jKtYrjFgMsVztM8PJKTmYNfgbvvkV8igjM34"
age
4315423, 4315423
x-pantheon-styx-hostname
styx-fe3-a-857f974764-sxp7b
x-cache
HIT, HIT, HIT, MISS
fastly-io-info
ifsz=1082 idim=48x48 ifmt=png ofsz=840 odim=48x48 ofmt=webp
status
200
fastly-stats
io=1
content-length
840
x-served-by
cache-mdw17377-MDW, cache-mdw17363-MDW, cache-hhn4032-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.949994,VS0,VE6
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
388386fe-f431-11ea-aa2e-2e3c83a662d4
expires
Sun, 12 Sep 2021 13:18:02 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
3, 1, 84, 0
dep-positive.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/
976 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/dep-positive.png?itok=71ow2RHw
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7c7037514836388334db2f123a214f7ec133481a2d7d128adb62693b5ce9dcef
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"Xq40KOT666Dw74pppNkkPYaJ/kj8VcWWEaEW0/3IAlk"
age
2598121, 2598121, 2598121
x-pantheon-styx-hostname
styx-fe3-a-857f974764-6bzgv
x-cache
HIT, HIT, HIT, MISS
fastly-io-info
ifsz=1277 idim=48x48 ifmt=png ofsz=976 odim=48x48 ofmt=webp
status
200
fastly-stats
io=1
content-length
976
x-served-by
cache-mdw17350-MDW, cache-mdw17360-MDW, cache-hhn4042-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.962984,VS0,VE5
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
a117b680-03cf-11eb-aa06-7ae2cf59cc15
expires
Sat, 02 Oct 2021 10:19:46 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-cache-hits
1, 1, 48, 0
use_cases_menu_image.jpg
www.forcepoint.com/sites/default/files/styles/menu_image/public/
15 KB
16 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/use_cases_menu_image.jpg?itok=t2CzlWjd
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
913a3d6d72df757623fc7a1ef37ef84e60ffbff83cb9514aa01a39db05f7bee4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"xgQzsw1eUmUMk+mocFPy2y4aDYSCiyj9vhaqhltMTuo"
age
3213852, 3213852, 3213852
x-pantheon-styx-hostname
styx-fe3-a-857f974764-dlq64
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=17090 idim=398x398 ifmt=jpeg ofsz=15748 odim=398x398 ofmt=webp
status
200
fastly-stats
io=1
content-length
15748
x-served-by
cache-mdw17352-MDW, cache-mdw17348-MDW, cache-hhn4066-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.976543,VS0,VE5
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
04e6b297-fe36-11ea-8c41-6a2b57a59b4f
expires
Sat, 25 Sep 2021 07:17:35 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-cache-hits
0, 1, 86, 0
industries_menu_image.jpg
www.forcepoint.com/sites/default/files/styles/menu_image/public/
22 KB
22 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/industries_menu_image.jpg?itok=IuH0OclF
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ce35f2450851af5e3b8e502f29a7048c7da4b7474061493711a15becf6fd7e0b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"GzFYYKKK3rGet8QY60KAbhWj58eO6EbXcfayMG47Ru4"
age
4315427, 4315427
x-pantheon-styx-hostname
styx-fe3-b-5f5d494784-txgqb
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=22689 idim=398x397 ifmt=jpeg ofsz=22544 odim=398x397 ofmt=webp
status
200
fastly-stats
io=1
content-length
22544
x-served-by
cache-mdw17359-MDW, cache-mdw17336-MDW, cache-hhn4037-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.989319,VS0,VE5
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
36e43ca2-f431-11ea-84fc-82e5316e91a9
expires
Sun, 12 Sep 2021 13:17:59 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
0, 1, 85, 0
blog.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/
25 KB
25 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/blog.png?itok=ak2JFh3Q
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b46b95aec476bbd119873b245722eef166772d341eca4f2fcff05e3a30b62de0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"RUqXqtWs8EO0PKAffHJV9sp3+izz7ncbQPAcg2c/Y7Y"
age
145932, 145932
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6gnc5
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=28601 idim=280x148 ifmt=png ofsz=25510 odim=280x148 ofmt=webp
status
200
fastly-stats
io=1
content-length
25510
x-served-by
cache-mdw17337-MDW, cache-mdw17349-MDW, cache-hhn4056-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.001698,VS0,VE5
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
134dc7b5-1a1d-11eb-b01e-0601e0c6002c
expires
Sat, 30 Oct 2021 19:29:34 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
0, 1, 87, 0
insider-risk.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/
21 KB
21 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/insider-risk.png?itok=5Z5CPiwh
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fda75daabf20c593fb3c3cb3ffee398c33a8a59dfb22350e575072f6a294a7d0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"20th92PH+eIhSeVJNCnM/F2D5vhTJqtRCmgBFPfduYo"
age
145885, 145885
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6j5jb
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=24409 idim=280x148 ifmt=png ofsz=21154 odim=280x148 ofmt=webp
status
200
fastly-stats
io=1
content-length
21154
x-served-by
cache-mdw17355-MDW, cache-mdw17342-MDW, cache-hhn4072-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.013932,VS0,VE6
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
2ff0354b-1a1d-11eb-bd65-8a04a199118e
expires
Sat, 30 Oct 2021 19:30:22 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
0, 1, 86, 0
zero-trust.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/
19 KB
20 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/menu_image/public/zero-trust.png?itok=HAGMualJ
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c90104dc032e1b6605d49139049970b3c2c294a0fb039b3de33c7d6c05ea9bab
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"xiwj+S0Dj29f4aQWtJLnTPNAR/J+u2o0KuHxrWgWIiU"
age
145809, 145809
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-ct4b7
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=24625 idim=280x148 ifmt=png ofsz=19840 odim=280x148 ofmt=webp
status
200
fastly-stats
io=1
content-length
19840
x-served-by
cache-mdw17357-MDW, cache-mdw17378-MDW, cache-hhn4065-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.026923,VS0,VE6
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
5cdaf390-1a1d-11eb-9708-ae96c617c498
expires
Sat, 30 Oct 2021 19:31:37 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
0, 1, 48, 0
mariano-diaz-7f65hdp0-e0-unsplash.jpg
www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___full_content___xlarge/public/hero/
56 KB
57 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___full_content___xlarge/public/hero/mariano-diaz-7f65hdp0-e0-unsplash.jpg?itok=0FlFu6vW&timestamp=1604061272
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b2061cb6a8e442a3fb2a9914e62d951aac02e182784d202369ce920aa88fd019
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"Abuix5LVxaq4lJEJpVal/eZFO6ANQ+i+HVI547faQ2o"
age
84391, 84391, 84391
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-2mqj6
x-cache
MISS, HIT, MISS, MISS
fastly-io-info
ifsz=45400 idim=792x303 ifmt=jpeg ofsz=57532 odim=792x303 ofmt=webp
status
200
fastly-stats
io=1
content-length
57532
x-served-by
cache-mdw17335-MDW, cache-mdw17330-MDW, cache-hhn4075-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.040783,VS0,VE126
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
5cee78bc-1aac-11eb-b605-56226c185009
expires
Sun, 31 Oct 2021 12:35:16 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-cache-hits
0, 1, 0, 0
css_9BCXL2PNej5yvO2KnZ5YU846aPgU0fP5dQpx-xQNfsM.css
www.forcepoint.com/sites/default/files/css/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/default/files/css/css_9BCXL2PNej5yvO2KnZ5YU846aPgU0fP5dQpx-xQNfsM.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f410972f63cd7a3e72bced8a9d9e5853ce3a68f814d1f3f9750a71fb140d7ec3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f8db301-1a21"
age
396197, 396197
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-4g68v
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
1439
x-served-by
cache-mdw17361-MDW, cache-mdw17368-MDW, cache-hhn4045-HHN, cache-hhn4070-HHN
last-modified
Mon, 19 Oct 2020 15:38:41 GMT
server
nginx
x-timer
S1604145707.116664,VS0,VE113
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept-Encoding, orig-host
content-type
text/css
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:29 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-styx-req-id
61ca106a-17d6-11eb-87e4-8e589cac6792
x-cache-hits
59899, 0, 0, 0
image_placeholder.gif
www.forcepoint.com/sites/all/modules/contrib/lazyloader/
828 B
1 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/modules/contrib/lazyloader/image_placeholder.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf401f0aec11d24c5272997dcb1ffb78c55df70499a70c7f0863b91e215a592b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"Kpd+TedBxySIGLFOhcKwL25G5FKFFcHJQGH7xnF3BKs"
age
6243212, 6243212
x-pantheon-styx-hostname
styx-fe3-b-7ccfb4b767-kkmsp
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=1887 idim=20x20 ifmt=gif ofsz=828 odim=20x20 ofmt=gif
status
200
fastly-stats
io=1
content-length
828
x-served-by
cache-mdw17333-MDW, cache-mdw17354-MDW, cache-hhn4064-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.088915,VS0,VE7
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/gif
x-styx-req-id
bda86197-e2a8-11ea-9930-9a7691e92c5c
expires
Sat, 21 Aug 2021 05:48:15 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
0, 1, 85, 0
pix_phish_1.png
www.forcepoint.com/sites/default/files/inline/
172 KB
172 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/inline/pix_phish_1.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
29d2f106a99a4e0ab8119a7eff1ef5e8a5032f6700900f694121c80a8320d636
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"l06row5AiqwdvPtlJ7jm3g9xdmT7ULLeJzOLSBNHji0"
age
84054, 84054, 84054
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-ct4b7
x-cache
MISS, HIT, MISS, MISS
fastly-io-info
ifsz=305668 idim=1415x815 ifmt=png ofsz=175800 odim=1415x815 ofmt=webp
status
200
fastly-stats
io=1
content-length
175800
x-served-by
cache-mdw17365-MDW, cache-mdw17379-MDW, cache-hhn4067-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.116199,VS0,VE120
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
255868d5-1aad-11eb-9708-ae96c617c498
expires
Sun, 31 Oct 2021 12:40:52 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-cache-hits
0, 1, 0, 0
pix_phish_2.png
www.forcepoint.com/sites/default/files/inline/
5 KB
6 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/inline/pix_phish_2.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c816a3b84358da6c4f4436d7afae0826aff6247c312f8998f922b944a43a6743
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"tbQKLXiMTcVaJOkQ1BAJf9mONeHumIGTP/a+NTFoKjw"
age
83370, 83370
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6gnc5
x-cache
MISS, HIT, MISS, MISS
fastly-io-info
ifsz=15876 idim=633x355 ifmt=png ofsz=5556 odim=633x355 ofmt=webp
status
200
fastly-stats
io=1
content-length
5556
x-served-by
cache-mdw17346-MDW, cache-mdw17349-MDW, cache-hhn4073-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.116449,VS0,VE115
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
bdc36a57-1aae-11eb-b01e-0601e0c6002c
expires
Sun, 31 Oct 2021 12:52:17 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
0, 1, 0, 0
mean_time_to_detect_hero.jpg
www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___teaser___xlarge/public/hero/
25 KB
25 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___teaser___xlarge/public/hero/mean_time_to_detect_hero.jpg?itok=dp9PUdO8&timestamp=1603890668
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
23821571872a83c43ffbaccd85f6447da8462361c42e5877776ec4b50a56e5e9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"sNF8cfb5XEcGSR8NebskzHX0VqqQqSlUJVW+PcK/apk"
age
252859, 252859
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-7wjkb
x-cache
MISS, MISS, HIT, MISS
fastly-io-info
ifsz=20424 idim=387x240 ifmt=jpeg ofsz=25602 odim=387x240 ofmt=webp
status
200
fastly-stats
io=1
content-length
25602
x-served-by
cache-mdw17333-MDW, cache-mdw17368-MDW, cache-hhn4037-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.116424,VS0,VE9
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
1dcf995b-1924-11eb-a160-e6110f627779
expires
Fri, 29 Oct 2021 13:47:27 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
0, 0, 1, 0
4a-future-insights2021-woman-looking-right-2000x1333px_1.jpg
www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___teaser___xlarge/public/hero/
6 KB
7 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___teaser___xlarge/public/hero/4a-future-insights2021-woman-looking-right-2000x1333px_1.jpg?itok=geMCIw7P&timestamp=1603766960
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ab02e7268fb89fe4f957122f633ee562e025adcbb94bea973f426b3f5f5b1806
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"HghJK6jl37nLIDG9K+MYoLDQsVOMZmZn5ZBJJxQnV3o"
age
343073, 343073, 343073
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6gnc5
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=7111 idim=387x240 ifmt=jpeg ofsz=6446 odim=387x240 ofmt=webp
status
200
fastly-stats
io=1
content-length
6446
x-served-by
cache-mdw17328-MDW, cache-mdw17377-MDW, cache-hhn4082-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.116398,VS0,VE11
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
11ca0f5c-1852-11eb-b01e-0601e0c6002c
expires
Thu, 28 Oct 2021 12:43:52 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-cache-hits
0, 1, 25, 0
chris-panas-0yiy0xajjhq-unsplash.jpg
www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___teaser___xlarge/public/hero/
6 KB
7 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___teaser___xlarge/public/hero/chris-panas-0yiy0xajjhq-unsplash.jpg?itok=Amy-C1Aw&timestamp=1603251439
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4d1a17044b0075f8f1089bfe74833f44697cb61e60c86287e8a191516abaa853
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"/Y0k6MehH94mN9azleIhhvTPQ4CETWkLlnflSOJ/SVA"
age
859770, 859770, 859770
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6j5jb
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=7162 idim=387x240 ifmt=jpeg ofsz=6642 odim=387x240 ofmt=webp
status
200
fastly-stats
io=1
content-length
6642
x-served-by
cache-mdw17369-MDW, cache-mdw17326-MDW, cache-hhn4063-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.116362,VS0,VE7
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
0b3ee663-139f-11eb-bd65-8a04a199118e
expires
Fri, 22 Oct 2021 13:12:17 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-cache-hits
0, 1, 1, 0
mariano-diaz-7f65hdp0-e0-unsplash.jpg
www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/
6 KB
7 KB
Image
General
Full URL
https://www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/mariano-diaz-7f65hdp0-e0-unsplash.jpg?itok=nNiTsw86
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
72e4b47a17fe8af5accf40c4965387a6ed961a73bab5f487768e055d394711d4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"b/eBnHO+OjS94CnHjvJt5R4WcgxequdXToPnb0y1+YA"
age
80888, 80888
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-2mqj6
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=5504 idim=199x111 ifmt=jpeg ofsz=6606 odim=199x111 ofmt=webp
status
200
fastly-stats
io=1
content-length
6606
x-served-by
cache-mdw17367-MDW, cache-mdw17343-MDW, cache-hhn4061-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.116575,VS0,VE7
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
84a0858f-1ab4-11eb-b605-56226c185009
expires
Sun, 31 Oct 2021 13:33:38 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
0, 1, 85, 0
js_YGsUV3Ce7aXBJBS23_v5HOE_E5QvyXDXhYBu_X7nNNU.js
www.forcepoint.com/sites/default/files/js/
23 KB
8 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_YGsUV3Ce7aXBJBS23_v5HOE_E5QvyXDXhYBu_X7nNNU.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
606b1457709eeda5c12414b6dffbf91ce13f13942fc970d785806efd7ee734d5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f975624-5a28"
age
392196, 392196
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-4g68v
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
7808
x-served-by
cache-mdw17357-MDW, cache-mdw17364-MDW, cache-hhn4059-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 23:05:08 GMT
server
nginx
x-timer
S1604145707.586672,VS0,VE109
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 23:05:10 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
b24d6997-17df-11eb-87e4-8e589cac6792
x-cache-hits
61723, 0, 0, 0
js_oaw9dVs4fCiUNWO4LbIth0obGSuoEZpLw_Fpeip-JYs.js
www.forcepoint.com/sites/default/files/js/
15 KB
6 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_oaw9dVs4fCiUNWO4LbIth0obGSuoEZpLw_Fpeip-JYs.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a1ac3d755b387c28943563b82db22d874a1b192ba8119a4bc3f1697a2a7e258b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f7f1925-3a6f"
age
396198, 396198
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6j5jb
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
5862
x-served-by
cache-mdw17339-MDW, cache-mdw17336-MDW, cache-hhn4040-HHN, cache-hhn4070-HHN
last-modified
Thu, 08 Oct 2020 13:50:29 GMT
server
nginx
x-timer
S1604145707.610780,VS0,VE112
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:28 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-styx-req-id
6163c4aa-17d6-11eb-bd65-8a04a199118e
x-cache-hits
54490, 0, 0, 0
js_tpyEWPXKXD8JNF7tS4uoWBSe7AyZ23SgHoYPbltZaK8.js
www.forcepoint.com/sites/default/files/js/
35 KB
10 KB
Script
General
Full URL
https://www.forcepoint.com/sites/default/files/js/js_tpyEWPXKXD8JNF7tS4uoWBSe7AyZ23SgHoYPbltZaK8.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b69c8458f5ca5c3f09345eed4b8ba858149eec0c99db74a01e860f6e5b5968af
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f9200d3-8ad2"
age
396197, 396197, 396197
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6gnc5
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
10275
x-served-by
cache-mdw17370-MDW, cache-mdw17383-MDW, cache-hhn4051-HHN, cache-hhn4070-HHN
last-modified
Thu, 22 Oct 2020 21:59:47 GMT
server
nginx
x-timer
S1604145707.729775,VS0,VE108
date
Sat, 31 Oct 2020 12:01:46 GMT
vary
Accept-Encoding, orig-host
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:29 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes, bytes
x-styx-req-id
618d0b92-17d6-11eb-b01e-0601e0c6002c
x-cache-hits
62679, 0, 0, 0
/
attr.ml-api.io/
Redirect Chain
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID
  • https://attr.ml-api.io/?domain=www.forcepoint.com&pId=1474304064923860060
4 B
484 B
Image
General
Full URL
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=1474304064923860060
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.95 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-95.fra6.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 31 Oct 2020 12:01:47 GMT
Via
1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA6-C1
x-amzn-RequestId
a79f68fb-79fc-4d46-adb8-f98b050d5bac
X-Cache
Miss from cloudfront
Content-Type
image/jpeg
X-Amzn-Trace-Id
Root=1-5f9d522b-6eda6d8c4f2495e07e9ddca1;Sampled=0
Connection
keep-alive
x-amz-apigw-id
VRnG1GxSoAMFTAQ=
Content-Length
4
X-Amz-Cf-Id
TmvVV2MD5inkeRjomVRjkxujrZ3jPWd4QWh1KU_zKJHUWDQb35p9lw==

Redirect headers

Pragma
no-cache
Date
Sat, 31 Oct 2020 12:01:47 GMT
X-Proxy-Origin
185.212.171.75; 185.212.171.75; 728.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.234:80
AN-X-Request-Uuid
a007decd-2778-44fc-be66-86653eb80bfd
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=1474304064923860060
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
js_visitor_settings.php
dev.visualwebsiteoptimizer.com/deploy/
6 KB
3 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&random=0.8317976241496603
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
72fb5955f493a44aa536fa71091404a34bf1205c6d7669232333d50a7c09f873

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

status
200
date
Sat, 31 Oct 2020 12:01:46 GMT
content-encoding
gzip
server
gfra1
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
via
1.1 google
content-type
application/javascript; charset=UTF-8
track-0ca7acdf418d8c12f3819dda65c35024.js
dev.visualwebsiteoptimizer.com/7.0/
11 KB
4 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/7.0/track-0ca7acdf418d8c12f3819dda65c35024.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&random=0.8317976241496603
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
ebace77f08582c8518a06375ee41263d1f09bacffccc36b25181b03b0652b249

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Sat, 31 Oct 2020 12:01:46 GMT
content-encoding
br
last-modified
Thu, 29 Oct 2020 10:44:47 GMT
server
gfra1
status
200
etag
"5f9a9d1f-da8"
vary
Accept-Encoding, User-Agent
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3496
via
1.1 google
opa-56761856850233eb41e36332d7e3cf79.js
dev.visualwebsiteoptimizer.com/analysis/4.0/
91 KB
24 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-56761856850233eb41e36332d7e3cf79.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&random=0.8317976241496603
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
86e8428fa1f7a039682565e701bc7c562fd5274be25fc3b3b5cc3f17bdfe4ef5

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Sat, 31 Oct 2020 12:01:46 GMT
content-encoding
br
last-modified
Thu, 29 Oct 2020 10:44:46 GMT
server
gfra1
status
200
etag
"5f9a9d1e-5dc7"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24007
via
1.1 google
v.gif
dev.visualwebsiteoptimizer.com/
35 B
172 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=371490&d=forcepoint.com&u=D8BF54EDB3865E02C386A5764FE4AE1C6&h=4cab07f631ec112bbc27e1b85f32a6c8&r=0.37788692737619
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv3c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 31 Oct 2020 12:01:46 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv3c
content-type
image/gif
status
200
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
vis_opt.js
d5phz18u4wuww.cloudfront.net/
168 KB
56 KB
Script
General
Full URL
https://d5phz18u4wuww.cloudfront.net/vis_opt.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.28 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-28.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e96ee4202dd697f4757a0c1502f5b3ae79c0d59d0823d80a80ac3ed97132d861

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Sat, 31 Oct 2020 11:01:48 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Thu, 02 May 2019 08:14:16 GMT
Server
AmazonS3
Age
3602
ETag
"85932b0cd7c8dce121fa1923529a3189"
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Via
1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
Cache-Control
max-age=3600
X-Amz-Cf-Pop
FRA50-C1
Accept-Ranges
bytes
Content-Length
57240
X-Amz-Cf-Id
S_dqvii29Sop7i_Ear3qPXtRQe3PedA8Rp_V25DTb3fLI_oxI8diwA==
vis_opt-0ca7acdf418d8c12f3819dda65c35024.js
dev.visualwebsiteoptimizer.com/7.0/
203 KB
58 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/7.0/vis_opt-0ca7acdf418d8c12f3819dda65c35024.js
Requested by
Host: d5phz18u4wuww.cloudfront.net
URL: https://d5phz18u4wuww.cloudfront.net/vis_opt.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
8153575fa281d697e1733cb4d9bca0672c7a53bfe2d17191da06bb418c9247de

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
br
last-modified
Thu, 29 Oct 2020 10:44:47 GMT
server
gfra1
status
200
etag
"5f9a9d1f-e802"
vary
Accept-Encoding, User-Agent
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
59394
via
1.1 google
async-buttons.js
ws.sharethis.com/button/
89 KB
19 KB
Script
General
Full URL
https://ws.sharethis.com/button/async-buttons.js
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2093:1400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
b80a71bbfd599367ed06d6cd8a59d87bf0b02aafde9b20b1554abcfbf00abae3

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 30 Oct 2020 22:48:07 GMT
content-encoding
gzip
server
nginx/1.16.1
age
47620
etag
"5f80b36e-16245"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
max-age=259200
x-amz-cf-pop
HAM50-C1
x-robots-tag
noindex, nofollow
x-amz-cf-id
nakXAcqZvH7laJwnjzSEHAXLmgpgc-jVuaZOJ-9A1W4YNgL7KH3Q4g==
via
1.1 6c314f9bc806736c483494e492792b33.cloudfront.net (CloudFront)
expires
Mon, 02 Nov 2020 22:48:07 GMT
utag.js
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/
401 KB
110 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
1d77e8287d004c24f8cec3feb7813d728ff8be437a4ae79f42259bcf9f6d4359

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
gzip
last-modified
Fri, 30 Oct 2020 22:26:00 GMT
server
AkamaiNetStorage
etag
"433b883297cd24f4064414893fd760ca:1604096760.585643"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=300
accept-ranges
bytes
expires
Sat, 31 Oct 2020 12:06:47 GMT
truncated
/
228 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f83d0e410eff198ed5a5e5cbb597db1f33421bdca9d09bbe7f389f5720a721e1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
166 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
450 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
141 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
187 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
660 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
372 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
248 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
angle-right-black.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
121 B
494 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/angle-right-black.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6d9a7fd96a3f724833b9b68c20877b5701f64df5446138733baec495138cfb3b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f96c320-79"
age
396198, 396198, 396198
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-2mqj6
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
127
x-served-by
cache-mdw17338-MDW, cache-mdw17339-MDW, cache-hhn4053-HHN, cache-hhn4070-HHN
access-control-allow-origin
*
last-modified
Mon, 26 Oct 2020 12:37:52 GMT
server
nginx
x-timer
S1604145707.124978,VS0,VE111
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:29 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
61c7faba-17d6-11eb-b605-56226c185009
x-cache-hits
45032, 0, 0, 0
truncated
/
151 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
52de4f853e32cbad1473948b54b45888a76d70bc156a906a4e90d3fe9d63384f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
icon-anchor-arrow-teal.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/
655 B
758 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/icon-anchor-arrow-teal.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f9705dd-28f"
age
396198, 396198
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-6gnc5
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
400
x-served-by
cache-mdw17333-MDW, cache-mdw17348-MDW, cache-hhn4027-HHN, cache-hhn4070-HHN
access-control-allow-origin
*
last-modified
Mon, 26 Oct 2020 17:22:37 GMT
server
nginx
x-timer
S1604145707.128983,VS0,VE112
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:29 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
61c8c316-17d6-11eb-b01e-0601e0c6002c
x-cache-hits
58682, 0, 0, 0
truncated
/
558 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a5801778ff84312987440fe98294960b5b514a764ce5cd09cd6afcffcf38862f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
356 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
79673753d63f34d0e4d8fcec94babbf043b27387bd7767d0ba8c354f3642a54c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
383 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89f73af23bcadce2d0605735149c8a7ce2586cfcb9db7a158521b1ed9139e69e

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a51ccbe50d3e48a6dbfab565c9cd32eb148afb8134890b8437fb85c2b09d0c74

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
f-white.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/
257 B
493 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/f-white.svg
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f9702c0-101"
age
396198, 396198, 396198
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-2mqj6
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
187
x-served-by
cache-mdw17383-MDW, cache-mdw17380-MDW, cache-hhn4045-HHN, cache-hhn4070-HHN
access-control-allow-origin
*
last-modified
Mon, 26 Oct 2020 17:09:20 GMT
server
nginx
x-timer
S1604145707.141940,VS0,VE112
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept-Encoding, orig-host
content-type
image/svg+xml
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:29 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
61cde7f8-17d6-11eb-b605-56226c185009
x-cache-hits
53110, 0, 0, 0
truncated
/
442 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
ajax-loader.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
363 B
690 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ajax-loader.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f6111a2b70adc74b366e13097ef3bc968003d16bbebbd72d324cdb73edb32c36
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"ga7U9bAOPM7Oepbue6I1XLSNh+Easwa5vEhZjyyparo"
age
2009945, 2009945, 2009945
x-pantheon-styx-hostname
styx-fe3-b-968b66656-kj24t
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=404 idim=43x11 ifmt=gif ofsz=363 odim=43x11 ofmt=gif ofrm=4
status
200
fastly-stats
io=1
content-length
363
x-served-by
cache-mdw17335-MDW, cache-mdw17369-MDW, cache-hhn4026-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.143257,VS0,VE9
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/gif
x-styx-req-id
15921ec3-0929-11eb-8829-aa9e051c7c3c
expires
Sat, 09 Oct 2021 05:42:42 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-cache-hits
0, 1, 80, 0
truncated
/
383 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
558 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
356 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
431 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
688 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
eu-cookie-compliance
www.forcepoint.com/ajax/
Redirect Chain
  • https://www.forcepoint.com/ajax/eu-cookie-compliance/
  • https://www.forcepoint.com/ajax/eu-cookie-compliance
269 B
3 KB
XHR
General
Full URL
https://www.forcepoint.com/ajax/eu-cookie-compliance
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
705625f67416c089ec12f98067511c51064b70b57ee1241ba675a1030d26213c
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net dmp.theadex.com tag.aumago.com google-analytics.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net dmp.theadex.com tag.aumago.com google-analytics.com; report-uri /admin/config/system/seckit/csp-report
content-encoding
gzip
x-content-type-options
nosniff
age
719, 719, 719, 719, 719
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-ct4b7
x-cache
HIT, MISS, MISS, MISS
status
200
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
vary
Accept-Encoding, x-geo-country, orig-host
content-length
177
etag
W/"1604144988-0"
x-served-by
cache-mdw17337-MDW, cache-mdw17383-MDW, cache-hhn4028-HHN, cache-hhn4070-HHN
last-modified
Sat, 31 Oct 2020 11:49:48 GMT
server
nginx
x-timer
S1604145707.402038,VS0,VE116
x-frame-options
SAMEORIGIN
date
Sat, 31 Oct 2020 12:01:47 GMT
strict-transport-security
max-age=18410000
content-language
en
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
public, max-age=1800
accept-ranges
bytes, bytes, bytes, bytes, bytes
content-type
application/json
x-styx-req-id
2d541cd0-1b6f-11eb-9708-ae96c617c498
x-drupal-cache
MISS
x-cache-hits
4, 0, 0, 0

Redirect headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
age
0, 0, 0, 0
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-2mqj6
x-cache
MISS, MISS, MISS, MISS
status
301
content-length
0
x-served-by
cache-mdw17321-MDW, cache-mdw17376-MDW, cache-hhn4046-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.225987,VS0,VE169
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
x-geo-country, Cookie, orig-host
content-type
text/html; charset=UTF-8
location
https://www.forcepoint.com/ajax/eu-cookie-compliance
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
no-cache, must-revalidate
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
da032668-1b70-11eb-b605-56226c185009
x-drupal-cache
MISS
x-cache-hits
0, 0, 0, 0
truncated
/
199 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6408a837784b4b1e5bdce4b19d2bb4ff1c08c63eaebfe028bd91a559e7eceb8c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
chosen-sprite.png
www.forcepoint.com/sites/all/libraries/chosen/
430 B
750 B
Image
General
Full URL
https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_faNxbZlG8sYJ1IiqfFXoOTUUnOTNzg59gAMKpmO43D0.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/sites/default/files/css/css_faNxbZlG8sYJ1IiqfFXoOTUUnOTNzg59gAMKpmO43D0.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"zv1lE2Lr9Kk1HzjHcZEB3/uXEUVp6pb4opLSEJON338"
age
8351628, 8351628
x-pantheon-styx-hostname
styx-fe3-a-745747b57-7tdkd
x-cache
HIT, HIT, HIT, MISS
fastly-io-info
ifsz=538 idim=52x37 ifmt=png ofsz=430 odim=52x37 ofmt=webp
status
200
fastly-stats
io=1
content-length
430
x-served-by
cache-mdw17338-MDW, cache-mdw17361-MDW, cache-hhn4061-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.232576,VS0,VE6
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/webp
x-styx-req-id
b34d2a01-cf7b-11ea-bd14-6202a924e034
expires
Tue, 27 Jul 2021 20:07:58 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes
x-cache-hits
1, 1, 18, 0
getForm
www.forcepoint.com/index.php/form/
16 KB
4 KB
XHR
General
Full URL
https://www.forcepoint.com/index.php/form/getForm?munchkinId=018-NKF-008&form=2810&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/forms2.min.js?qitx08
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7fc6a0616e0a7cf3b8abaa2ab6a02147601829c741de3c870ab3df86aec4af5c
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=63113904
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
age
0
x-cache
MISS, MISS
status
200
content-length
3805
cf-request-id
06202210fc0000d711a412b000000001
x-served-by
cache-hhn4077-HHN, cache-hhn4070-HHN
access-control-allow-origin
*
server
cloudflare
x-timer
S1604145707.240032,VS0,VE388
date
Sat, 31 Oct 2020 12:01:47 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, orig-host
content-type
application/json; charset=utf-8
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes, bytes
cf-ray
5ead392e5f60d711-FRA
x-cache-hits
0, 0
loading.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/
76 KB
77 KB
Image
General
Full URL
https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/loading.gif
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
dd0779c9ae69f9d8cd8728663703ce2cc6ec972dc5350a5f6948a15d67fbeea9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag
"1jEtdmhYtvyzN6Srr4mLY9uwHnV03vhqrN9WPOrXo7A"
age
2457220, 2457220
x-pantheon-styx-hostname
styx-fe3-b-5f5d494784-lxfdb
x-cache
MISS, HIT, HIT, MISS
fastly-io-info
ifsz=80522 idim=200x200 ifmt=gif ofsz=78220 odim=200x200 ofmt=gif ofrm=30
status
200
fastly-stats
io=1
content-length
78220
x-served-by
cache-mdw17355-MDW, cache-mdw17321-MDW, cache-hhn4051-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145707.247683,VS0,VE11
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept, orig-host
content-type
image/gif
x-styx-req-id
b107d87d-0517-11eb-879b-0a2df894a46a
expires
Mon, 04 Oct 2021 01:28:07 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes
x-cache-hits
0, 1, 21, 0
portal-v2.html
c.sharethis.mgr.consensu.org/ Frame D1EB
0
0
Document
General
Full URL
https://c.sharethis.mgr.consensu.org/portal-v2.html
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2093:ba00:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

:method
GET
:authority
c.sharethis.mgr.consensu.org
:scheme
https
:path
/portal-v2.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts

Response headers

status
200
content-type
text/html; charset=utf-8
accept-ranges
bytes
content-encoding
gzip
last-modified
Thu, 01 Oct 2020 18:27:43 GMT
cache-control
max-age=3600, public
date
Sat, 31 Oct 2020 11:38:06 GMT
etag
W/"83a-174e56b8518"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 04545073f97f94a6b7b4580892eff70d.cloudfront.net (CloudFront)
x-amz-cf-pop
HAM50-C1
x-amz-cf-id
CAKB_9iZFTYMxX-wUBtxshwjaQR8XY3TOzd6W7-v1Fx2065NLGA3xQ==
age
1421
worker-70faafffa0475802f5ee03ca5ff74179.js
dev.visualwebsiteoptimizer.com/analysis/
47 KB
14 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/analysis/worker-70faafffa0475802f5ee03ca5ff74179.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-56761856850233eb41e36332d7e3cf79.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
br
last-modified
Mon, 16 Mar 2020 04:40:32 GMT
server
gfra1
status
200
etag
"5e6f0340-351f"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13599
via
1.1 google
buttons-secure.css
ws.sharethis.com/button/css/
23 KB
4 KB
Stylesheet
General
Full URL
https://ws.sharethis.com/button/css/buttons-secure.css
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2093:1400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 03:15:04 GMT
content-encoding
gzip
last-modified
Fri, 09 Oct 2020 19:01:02 GMT
server
nginx/1.16.1
age
31603
etag
"5f80b36e-5a76"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
x-amz-cf-pop
HAM50-C1
x-robots-tag
noindex, nofollow
content-length
3851
via
1.1 6c314f9bc806736c483494e492792b33.cloudfront.net (CloudFront)
x-amz-cf-id
CNmpMqQ1MKD_yKUgXfJUqo4V03dETwS6-DraMPfWemTc73wHb6hN9w==
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8DC067C25245AFA80A490D4C%40AdobeOrg&d_nsid=0&ts=1604145707309
  • https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8DC067C25245AFA80A490D4C%40AdobeOrg&d_nsid=0&ts=1604145707309
370 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8DC067C25245AFA80A490D4C%40AdobeOrg&d_nsid=0&ts=1604145707309
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.66.13 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-66-13.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
303955d772f28572e94ee1c25f474f014588a26f430bc9394e379c2b0d69059a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v085-0d12d995a.edge-irl1.demdex.com 5.79.0.20201028125013 2ms (+0ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-TID
ICPjvq6sQ+k=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.forcepoint.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
306
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://www.forcepoint.com
X-TID
5AvZoHWtREM=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8DC067C25245AFA80A490D4C%40AdobeOrg&d_nsid=0&ts=1604145707309
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
pview
l.sharethis.com/
0
340 B
XHR
General
Full URL
https://l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&sessionID=1604145707104.10778&hostname=www.forcepoint.com&location=%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment&product=widget&fcmp=false&fcmpv2=false&publisher=dr-1a8ea6fe-97f3-ecd7-f9ef-9fd1e2c0c34&bsamesite=true&consentDomain=.consensu.org&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment&title=Phishing%20Scam%20Attacking%20Brazil%27s%20PIX%20Instant%20Payment%20Platform%20%7C%20Forcepoint&sop=false&description=PIX%2C%20a%20new%20instant%20money%20transfer%20service%2C%20is%20being%20launched%20to%20the%20public%20on%2016%20November%202020%20by%20the%20Central%20Bank%20of%20Brazil%20(BCB).%20Forcepoint%20X-Labs%20have%20seen%20several%20email%20phishing%20campaigns%20using%20this%20service%20as%20a%20lure%20to%20steal%20banking%20details%20and%20passwords%20from%20would-be%20victims.
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.43.194 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-43-194.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 31 Oct 2020 12:01:47 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Origin
https://www.forcepoint.com
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
bizible.js
cdn.bizible.com/scripts/
86 KB
33 KB
Script
General
Full URL
https://cdn.bizible.com/scripts/bizible.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BA7) /
Resource Hash
4c77b84665a1e6bfb24ec928a1ed9045818099f6a6f2e26e2bb22a560067183f

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
gzip
last-modified
Wed, 28 Oct 2020 21:30:53 GMT
server
ECS (amb/6BA7)
age
69708
etag
"d6605b9d71add61:0"
vary
Accept-Encoding
x-cache
HIT
content-type
application/x-javascript
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
33769
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
2759
date
Sat, 31 Oct 2020 11:15:48 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Sat, 31 Oct 2020 13:15:48 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.95.62 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-95-62.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 31 Oct 2020 12:01:47 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Aug 2020 03:11:00 GMT
Server
AkamaiNetStorage
ETag
"a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
insight.min.js
snap.licdn.com/li.lms-analytics/
965 B
761 B
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:eb:3b4::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 31 Oct 2020 12:01:47 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 Sep 2020 22:01:48 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=33816
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
448
/
6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com/
481 B
760 B
Script
General
Full URL
https://6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com/
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.131 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
402e80f9b0af45bb9f341ed3b3ac87a7000c212f9233c71d028bd317f339cf27

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
br
x-backend-region
eu_west_1
age
3901
x-amz-apigw-id
VRdlSFaSDoEFXUg=
etag
66239989a1923b65dedc2181e2267b4a-v0.178.1
vary
Accept-Encoding, Referer
x-cache
Miss from cloudfront, HIT
content-type
application/json
status
200
cache-control
max-age=0, must-revalidate
x-amz-cf-pop
FRA6-C1
accept-ranges
none
access-control-allow-origin
*
bt3rzfauhdaf.js
js.driftt.com/include/1604145900000/
137 KB
45 KB
Script
General
Full URL
https://js.driftt.com/include/1604145900000/bt3rzfauhdaf.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.32.38 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-32-38.ham50.r.cloudfront.net
Software
nginx /
Resource Hash
7bc1dc7d2a673a36a6e7b3d26c7fd8f5cc42d8b2d41a98e4de2a5ebdaaea9bf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:39 GMT
content-encoding
gzip
age
8
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
last-modified
Tue, 13 Oct 2020 15:05:22 GMT
server
nginx
etag
W/"a48548cec5608126b24de4cbfe9bfb8d"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
via
1.1 ddf1a4286ca5a84e441f34f1b121a3ca.cloudfront.net (CloudFront)
cache-control
max-age=10
access-control-allow-credentials
true
x-amz-cf-pop
HAM50-C1
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ZGdnBCt7kDurBCrwPRvl5ke0Tt3N4uRX5OV7MCl7qe8gqe593Eio0Q==
oct.js
static.ads-twitter.com/
Redirect Chain
  • https://platform.twitter.com/oct.js
  • https://static.ads-twitter.com/oct.js
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/oct.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
gzip
age
52148
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1958
x-served-by
cache-hhn4079-HHN
last-modified
Wed, 21 Oct 2020 21:46:56 GMT
x-timer
S1604145707.406802,VS0,VE0
etag
"a4cc3f907681b24a3efd540acd5d2996+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes

Redirect headers

x-tw-cdn
VZ
Date
Sat, 31 Oct 2020 12:01:47 GMT
Server
ECS (fcn/41D8)
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Location
https://static.ads-twitter.com/oct.js
Content-Length
0
js
www.googletagmanager.com/gtag/
95 KB
37 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-9839411
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c5b4d853430d5557c3ed99dbd1780a198e25e0b6afa960beb3ddf2cb9806df98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38202
x-xss-protection
0
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 31 Oct 2020 12:01:47 GMT
roundtrip.js
s.adroll.com/j/
39 KB
13 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
68253ec054bea4b6ab38323bec24b592d9f2d685adcd63a7c1271ea27d7740ed

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
zrbPOMMu6ynl1D1pSi_Kb.TcYsdwZuQo
Content-Encoding
gzip
ETag
"b538cefd8a74513baa32666f5ad3b307"
x-amz-request-id
0A38A3A1DF99BE44
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
12342
x-amz-id-2
WFMpWYMSbopkv8KPwoHIvoJsHaRMYkAw1hhvQ9zBvX6AF7ZuOEdWs2er01F8VZTEi1WH2hmLr1E=
Last-Modified
Wed, 28 Oct 2020 15:33:38 GMT
Server
AmazonS3
Date
Sat, 31 Oct 2020 12:01:47 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
fbevents.js
connect.facebook.net/en_US/
88 KB
23 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
23070
x-xss-protection
0
pragma
public
x-fb-debug
3K9oXxncv5QdnRyZq4dL+T2A/jUWdJHrMTFzifyan/ss1GN4oJhRRNP/EJavBDHyhX5yc9oTkkeQva/lzOwOVQ==
x-fb-trip-id
780166575
x-frame-options
DENY
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
expires
Sat, 01 Jan 2000 00:00:00 GMT
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
gzip
age
52151
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1958
x-served-by
cache-hhn4079-HHN
last-modified
Wed, 21 Oct 2020 21:46:56 GMT
x-timer
S1604145707.406713,VS0,VE0
etag
"a4cc3f907681b24a3efd540acd5d2996+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
adex.js
dmp.theadex.com/d/506/3014/s/
40 KB
14 KB
Script
General
Full URL
https://dmp.theadex.com/d/506/3014/s/adex.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.163.159.104 Cloppenburg, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
nginx /
Resource Hash
2d6b3f3c5ff369d4df14f16820d8300a5c57ea938bc1f932421a5d6241f9e568

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
gzip
last-modified
Fri, 09 Oct 2020 07:26:02 GMT
server
nginx
etag
W/"5f80108a-a1c8"
content-type
application/javascript
status
200
cache-control
max-age=300
access-control-allow-credentials
true
expires
Sat, 31 Oct 2020 12:06:47 GMT
2NSeEr5qA0s0pJTc3vV6
ws.zoominfo.com/pixel/
0
723 B
Script
General
Full URL
https://ws.zoominfo.com/pixel/2NSeEr5qA0s0pJTc3vV6
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-powered-by
Express
status
200
content-length
0
cf-request-id
062022117b00002c3ad4269000000001
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
5ead392f2c182c3a-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
202 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=websense/forcepoint-2018/202010302225&cb=1604145707338
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
AkamaiNetStorage
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type
application/x-javascript
status
200
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Sat, 31 Oct 2020 12:11:47 GMT
/
px.ads.linkedin.com/collect/
Redirect Chain
  • https://px.ads.linkedin.com/collect/?pid=2141257&fmt=gif&_rnd=0.5777810298254122
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Fpid%3D2141257%26fmt%3Dgif%26_rnd%3D0.5777810298254122%26liSync%3Dtrue
  • https://px.ads.linkedin.com/collect/?pid=2141257&fmt=gif&_rnd=0.5777810298254122&liSync=true
43 B
143 B
Image
General
Full URL
https://px.ads.linkedin.com/collect/?pid=2141257&fmt=gif&_rnd=0.5777810298254122&liSync=true
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
gzip
server
Play
linkedin-action
1
vary
Accept-Encoding
content-type
image/gif
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-length
65
x-li-uuid
/q0prAUSQxbgzpwqvSoAAA==
x-li-fabric
prod-lor1

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action
1
status
302
content-length
0
x-li-uuid
l02epQUSQxZQLlC+bCsAAA==
pragma
no-cache
x-li-pop
afd-prod-lor1
x-msedge-ref
Ref A: BA947003A6FE4ED1BC6E0CCC894BD47D Ref B: FRAEDGE0821 Ref C: 2020-10-31T12:01:47Z
x-frame-options
sameorigin
date
Sat, 31 Oct 2020 12:01:46 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect/?pid=2141257&fmt=gif&_rnd=0.5777810298254122&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
px.ads.linkedin.com/collect/
Redirect Chain
  • https://px.ads.linkedin.com/collect/?pid=1681282&fmt=gif&_rnd=0.6445979366817001
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Fpid%3D1681282%26fmt%3Dgif%26_rnd%3D0.6445979366817001%26liSync%3Dtrue
  • https://px.ads.linkedin.com/collect/?pid=1681282&fmt=gif&_rnd=0.6445979366817001&liSync=true
43 B
116 B
Image
General
Full URL
https://px.ads.linkedin.com/collect/?pid=1681282&fmt=gif&_rnd=0.6445979366817001&liSync=true
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
gzip
server
Play
linkedin-action
1
vary
Accept-Encoding
content-type
image/gif
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-length
65
x-li-uuid
UKdFrAUSQxawvyiwvCoAAA==
x-li-fabric
prod-lor1

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action
1
status
302
content-length
0
x-li-uuid
QNCfpQUSQxagPxLqHCsAAA==
pragma
no-cache
x-li-pop
afd-prod-lor1
x-msedge-ref
Ref A: 55924D0A1D0A4B8981A29F3675D1F722 Ref B: FRAEDGE0821 Ref C: 2020-10-31T12:01:47Z
x-frame-options
sameorigin
date
Sat, 31 Oct 2020 12:01:46 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect/?pid=1681282&fmt=gif&_rnd=0.6445979366817001&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
linkid.js
www.google-analytics.com/plugins/ua/
2 KB
999 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 11:12:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
age
2977
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=3600
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
expires
Sat, 31 Oct 2020 12:12:10 GMT
168348421119586
connect.facebook.net/signals/config/
234 KB
69 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/168348421119586?v=2.9.27&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
fe1204692b14773ce1f8a8b10ca5334c73331ef62739c0165e9877e5e89b62d3
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
69829
x-xss-protection
0
pragma
public
x-fb-debug
/O/Ed2rqZnm3MRUIcd+GlZJOvJ/g1hT9OR+xKeMh5PjBudVmoB8uOpfrEKLLNkES1ZidNAP+4QF8RhpyvoU0ZQ==
x-fb-trip-id
780166575
x-frame-options
DENY
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
expires
Sat, 01 Jan 2000 00:00:00 GMT
insight.beta.min.js
snap.licdn.com/li.lms-analytics/
4 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:eb:3b4::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 31 Oct 2020 12:01:47 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 Sep 2020 22:01:48 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=29149
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1799
collect
stats.g.doubleclick.net/j/
4 B
90 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-72298027-1&cid=90267529.1604145707&jid=1203391425&gjid=1404281714&_gid=773292889.1604145707&_u=KGBAgAAjAAAAAE~&z=893199682
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 31 Oct 2020 12:01:47 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://www.forcepoint.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
63 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j87&a=1029733164&t=pageview&_s=1&dl=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&ul=en-us&de=UTF-8&dt=Phishing%20Scam%20Attacking%20Brazil%27s%20PIX%20Instant%20Payment%20Platform%20%7C%20Forcepoint&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGBAgAAj~&jid=1203391425&gjid=1404281714&cid=90267529.1604145707&tid=UA-72298027-1&_gid=773292889.1604145707&z=1368305325
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 31 Oct 2020 05:34:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
23237
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
253 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-72298027-1&cid=90267529.1604145707&jid=1203391425&_u=KGBAgAAjAAAAAE~&z=765279638
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 31 Oct 2020 12:01:47 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
106 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-72298027-1&cid=90267529.1604145707&jid=1203391425&_u=KGBAgAAjAAAAAE~&z=765279638
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 31 Oct 2020 12:01:47 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
munchkin.js
munchkin.marketo.net/155/
9 KB
4 KB
Script
General
Full URL
https://munchkin.marketo.net/155/munchkin.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/munchkin.js?qitx08
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.95.62 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-95-62.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 31 Oct 2020 12:01:47 GMT
Content-Encoding
gzip
Last-Modified
Fri, 30 Nov 2018 03:18:20 GMT
Server
AkamaiNetStorage
ETag
"c67dad42946949112916578f78706df8:1543547900"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
3923
Expires
Mon, 08 Feb 2021 12:01:47 GMT
bundle.js
assets.ubembed.com/universalscript/releases/v0.178.1/
162 KB
163 KB
Script
General
Full URL
https://assets.ubembed.com/universalscript/releases/v0.178.1/bundle.js
Requested by
Host: 6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com
URL: https://6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.2.19 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-2-19.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
df25786bc3951d78d0f763a2a75a1f33b01b8ae2a5157831d2cf4d0348c2ede7

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 20 Oct 2020 06:09:38 GMT
via
1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront)
last-modified
Wed, 11 Dec 2019 22:14:50 GMT
server
AmazonS3
age
971530
etag
"2c662c7609e2ae1af50939453dcb717e"
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
content-length
165971
x-amz-cf-id
KqOr1kje4iZEUvoWIvML1_eKYhifR0NSPxSpwON8LOfWXozuSOkJTw==
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/2GRHXEZSJNFRTPMEC6ZM2B/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
747 B
Script
General
Full URL
https://s.adroll.com/j/exp/index.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
2U8XMvdFINXJNFsilaXONuSvqmREKV3.
Content-Encoding
gzip
ETag
"5816cced8568d223aa09d889f300692b"
x-amz-request-id
0A9DFB41B15EF3A2
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
48
x-amz-id-2
9wtYzl8isf76a+KTcCc0hWCh/ZKrxXSL0KsmsoDDvS1VGgWl/GxdSe7DtPnOmbh4BH+84jF1nEY=
Last-Modified
Fri, 31 Jul 2020 16:11:15 GMT
Server
AmazonS3
Date
Sat, 31 Oct 2020 12:01:48 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Sat, 31 Oct 2020 12:01:48 GMT
Server
AkamaiGHost
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
index.js
s.adroll.com/j/pre/2GRHXEZSJNFRTPMEC6ZM2B/GCI6D323NJAJFLW5TKGUK5/
1 KB
1 KB
Script
General
Full URL
https://s.adroll.com/j/pre/2GRHXEZSJNFRTPMEC6ZM2B/GCI6D323NJAJFLW5TKGUK5/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
OVeEHCzot5zwJ1rOdWTy50PDN.FdzYEq
Content-Encoding
gzip
ETag
"3996d65282dd996ee0d7d4c90c139158"
x-amz-request-id
3F71902D709C1B24
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
635
x-amz-id-2
xnA1xxLgoFva0hWAF6tQN9b6JNGwdJgaWjNnIBnMqSf2QoZgQ6QiGMIm9p5BbpXmEqCXY1+mCpc=
Last-Modified
Fri, 30 Oct 2020 19:16:56 GMT
Server
AmazonS3
Date
Sat, 31 Oct 2020 12:01:47 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
/
d.adroll.com/consent/check/2GRHXEZSJNFRTPMEC6ZM2B/
Redirect Chain
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/2GRHXEZSJNFRTPMEC6ZM2B?_s=b903f87e13ba508c2bc003ce1460ca97&_b=2
  • https://d.adroll.com/consent/check/2GRHXEZSJNFRTPMEC6ZM2B/?_s=b903f87e13ba508c2bc003ce1460ca97&_b=2
385 B
478 B
Script
General
Full URL
https://d.adroll.com/consent/check/2GRHXEZSJNFRTPMEC6ZM2B/?_s=b903f87e13ba508c2bc003ce1460ca97&_b=2
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.23.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-23-184.eu-west-1.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
7048e979431ed7c753e4a9fc98c87f88d2f0deb0dfa8c39c13ef862ae4e232a1

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Sat, 31 Oct 2020 12:01:47 GMT
server
nginx/1.18.0
content-length
385
content-type
application/javascript

Redirect headers

status
302
date
Sat, 31 Oct 2020 12:01:47 GMT
server
nginx/1.18.0
content-length
105
location
https://d.adroll.com/consent/check/2GRHXEZSJNFRTPMEC6ZM2B/?_s=b903f87e13ba508c2bc003ce1460ca97&_b=2
pview
l.sharethis.com/
0
315 B
Image
General
Full URL
https://l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&sessionID=1604145707104.10778&hostname=www.forcepoint.com&location=%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment&product=widget&fcmp=false&fcmpv2=false&publisher=dr-1a8ea6fe-97f3-ecd7-f9ef-9fd1e2c0c34&bsamesite=true&consentDomain=.consensu.org&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment&title=Phishing%20Scam%20Attacking%20Brazil%27s%20PIX%20Instant%20Payment%20Platform%20%7C%20Forcepoint&sop=false&description=PIX%2C%20a%20new%20instant%20money%20transfer%20service%2C%20is%20being%20launched%20to%20the%20public%20on%2016%20November%202020%20by%20the%20Central%20Bank%20of%20Brazil%20(BCB).%20Forcepoint%20X-Labs%20have%20seen%20several%20email%20phishing%20campaigns%20using%20this%20service%20as%20a%20lure%20to%20steal%20banking%20details%20and%20passwords%20from%20would-be%20victims.&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&description=PIX%2C%20a%20new%20instant%20money%20transfer%20service%2C%20is%20being%20launched%20to%20the%20public%20on%2016%20November%202020%20by%20the%20Central%20Bank%20of%20Brazil%20(BCB).%20Forcepoint%20X-Labs%20have%20seen%20several%20email%20phishing%20campaigns%20using%20this%20service%20as%20a%20lure%20to%20steal%20banking%20details%20and%20passwords%20from%20would-be%20victims.&img_pview=true
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.43.194 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-43-194.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 31 Oct 2020 12:01:47 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
adsct
t.co/i/
43 B
125 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=l6a6s&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
119
pragma
no-cache
last-modified
Sat, 31 Oct 2020 12:01:47 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
cb486cc7f0292476b682b7789da29528
x-transaction
00e4596900f498a8
expires
Tue, 31 Mar 1981 05:00:00 GMT
adsct
t.co/i/
43 B
448 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o3qcd&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
107
pragma
no-cache
last-modified
Sat, 31 Oct 2020 12:01:47 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
cb486cc7f0292476b682b7789da29528
x-transaction
0006ecc5003a26c5
expires
Tue, 31 Mar 1981 05:00:00 GMT
ipv
cdn.bizible.com/m/
43 B
304 B
Image
General
Full URL
https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=4f68d7ffd0614057e8b72673815c7bb4&_biz_s=aeb31&_biz_l=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&_biz_t=1604145707429&_biz_i=Phishing%20Scam%20Attacking%20Brazil%27s%20PIX%20Instant%20Payment%20Platform%20%7C%20Forcepoint%20&_biz_n=0&rnd=697357&cdn_o=a&_biz_z=1604145707430
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B75) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 31 Oct 2020 12:01:47 GMT
last-modified
Fri, 30 Oct 2020 01:57:57 GMT
server
ECS (amb/6B75)
age
122631
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
u
cdn.bizibly.com/
43 B
202 B
Image
General
Full URL
https://cdn.bizibly.com/u?_biz_u=4f68d7ffd0614057e8b72673815c7bb4&_biz_s=aeb31&_biz_l=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&_biz_t=1604145707434&_biz_i=Phishing%20Scam%20Attacking%20Brazil%27s%20PIX%20Instant%20Payment%20Platform%20%7C%20Forcepoint%20&rnd=461122&cdn_o=a&_biz_z=1604145707434
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B97) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 31 Oct 2020 12:01:47 GMT
last-modified
Fri, 30 Oct 2020 00:53:38 GMT
server
ECS (amb/6B97)
age
126489
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=258729&time=1604145707441&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D8897...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D258729%26time%3D1604145707441%26url%3Dhttps%253A%252F%252Fwww.forcepoint.com%252F...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=258729&time=1604145707441&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D8897...
0
80 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=258729&time=1604145707441&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&liSync=true
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:48 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
/KtpsAUSQxaAcFbKvCoAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options
nosniff
linkedin-action
1
status
302
content-length
0
x-li-uuid
tCy4qQUSQxYgU2QiUysAAA==
pragma
no-cache
x-li-pop
afd-prod-lor1
x-msedge-ref
Ref A: 985951968567464783D31F77DC55F81E Ref B: FRAEDGE0821 Ref C: 2020-10-31T12:01:47Z
x-frame-options
sameorigin
date
Sat, 31 Oct 2020 12:01:46 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=258729&time=1604145707441&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
529994084364752
connect.facebook.net/signals/config/
234 KB
68 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/529994084364752?v=2.9.27&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
527ce22593bfcd6e20caa955f7f3ee14538001d5077c5f24d3bd52a31b36dd34
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
69821
x-xss-protection
0
pragma
public
x-fb-debug
LJhw6TPDbRKEftTm8HDPbDSnYpMXmpB103eoPOC5s3qc7CMUtQrQXBLxpDfJvQxm8jGyxQ5clulmgZxt3E7BIA==
x-fb-trip-id
780166575
x-frame-options
DENY
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
257 B
Image
General
Full URL
https://www.facebook.com/tr/?id=168348421119586&ev=PageView&dl=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&rl=&if=false&ts=1604145707477&sw=1600&sh=1200&v=2.9.27&r=stable&a=tmtealium&ec=0&o=30&fbp=fb.1.1604145707477.306414256&it=1604145707367&coo=false&rqm=GET
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Sat, 31 Oct 2020 12:01:47 GMT
/
www.facebook.com/tr/
44 B
100 B
Image
General
Full URL
https://www.facebook.com/tr/?id=168348421119586&ev=PageView&dl=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&rl=&if=false&ts=1604145707479&sw=1600&sh=1200&v=2.9.27&r=stable&a=tmtealium&ec=1&o=30&fbp=fb.1.1604145707477.306414256&it=1604145707367&coo=false&tm=1&rqm=GET
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Sat, 31 Oct 2020 12:01:47 GMT
xdc.js
cdn.bizible.com/
116 B
550 B
Script
General
Full URL
https://cdn.bizible.com/xdc.js?_biz_u=4f68d7ffd0614057e8b72673815c7bb4&_biz_h=-1906410348&cdn_o=a&jsVer=4.20.08.28
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BBB) /
Resource Hash
2123dfed956383e8fd59b9919c459bbe744b73a962680d81839825d178b575e0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:46 GMT
content-encoding
gzip
server
ECS (amb/6BBB)
etag
B743F461
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
private, must-revalidate, max-age=21600
content-type
text/javascript; charset=utf-8
content-length
219
visitWebPage
018-nkf-008.mktoresp.com/webevents/
2 B
311 B
XHR
General
Full URL
https://018-nkf-008.mktoresp.com/webevents/visitWebPage?_mchNc=1604145707486&_mchCn=&_mchId=018-NKF-008&_mchTk=_mch-forcepoint.com-1604145707485-86562&_mchHo=www.forcepoint.com&_mchPo=&_mchRu=%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=_hsmi%3D88974744__-___hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 31 Oct 2020 12:01:47 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
6b5914a4-144f-4283-9f64-dc8da8e0972e
trace.js
dmp.theadex.com/
Redirect Chain
  • https://dmp.theadex.com/trace.js?adex_consent=1
  • https://dmp.theadex.com/trace.js?adex_consent=1&axd_sc=4242187308272478158
500 B
660 B
Script
General
Full URL
https://dmp.theadex.com/trace.js?adex_consent=1&axd_sc=4242187308272478158
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.163.159.104 Cloppenburg, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
nginx /
Resource Hash
679a84800b9d250faa709bee60c04cf62ac9c78e4b7aef9bce3f38f1a35d8d9e

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 31 Oct 2020 12:01:47 GMT
server
nginx
content-type
application/javascript
status
200
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
content-length
500
expires
0

Redirect headers

pragma
no-cache
date
Sat, 31 Oct 2020 12:01:47 GMT
server
nginx
status
303
p3p
CP="CAO PSAa PSDa IVAa IVDa OUR UNI COM NAV"
location
?adex_consent=1&axd_sc=4242187308272478158
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
content-length
0
expires
0
Cookie set dest5.html
websenseinc.demdex.net/ Frame 90FE
0
0
Document
General
Full URL
https://websenseinc.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.47.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-47-228.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Host
websenseinc.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
demdex=18344337633082910464400957634470870191

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Thu, 29 Oct 2020 14:07:47 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=18344337633082910464400957634470870191;Path=/;Domain=.demdex.net;Expires=Thu, 29-Apr-2021 12:01:47 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding, User-Agent
X-TID
O7oSFr4fTRs=
Content-Length
2785
Connection
keep-alive
id
analyticsssl.forcepoint.com/
48 B
512 B
XHR
General
Full URL
https://analyticsssl.forcepoint.com/id?d_visid_ver=4.1.0&d_fieldgroup=A&mcorgid=8DC067C25245AFA80A490D4C%40AdobeOrg&mid=14126098783681722974034373541184079424&ts=1604145707511
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.237.76.117 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-237-76-117.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
aa4cc7495d93429692ca8892e95e44150a3379a21aeb137e2a33166ecffbd294
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

status
200
date
Sat, 31 Oct 2020 12:01:47 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-f7bfdfcfd-5rpnm
vary
Origin
x-c
master-1404.I1e61f9.M0-468
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.forcepoint.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=X51SKwAABoPWEi3-
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=18344337633082910464400957634470870191
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=X51SKwAABoPWEi3-
42 B
915 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=X51SKwAABoPWEi3-
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.66.13 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-66-13.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v085-0e5214065.edge-irl1.demdex.com 5.79.0.20201028125013 0ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-TID
Xnc9uyO6TVg=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Sat, 31 Oct 2020 12:01:46 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=X51SKwAABoPWEi3-
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
/
dmp.theadex.com/r/506/3014/ Frame 045F
0
0
Document
General
Full URL
https://dmp.theadex.com/r/506/3014/?c=4242187308272478158&adex_consent=1&adex_consent_origin=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&adex_consent_checked=1604145707
Requested by
Host: dmp.theadex.com
URL: https://dmp.theadex.com/d/506/3014/s/adex.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.163.159.104 Cloppenburg, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

:method
GET
:authority
dmp.theadex.com
:scheme
https
:path
/r/506/3014/?c=4242187308272478158&adex_consent=1&adex_consent_origin=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&adex_consent_checked=1604145707
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
axd=4242187308272478158

Response headers

status
200
server
nginx
date
Sat, 31 Oct 2020 12:01:47 GMT
content-type
text/html; charset=UTF-8
p3p
CP="CAO PSA OUR"
access-control-allow-credentials
true
content-encoding
gzip
/
www.facebook.com/tr/
44 B
100 B
Image
General
Full URL
https://www.facebook.com/tr/?id=529994084364752&ev=PageView&dl=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&rl=&if=false&ts=1604145707558&sw=1600&sh=1200&v=2.9.27&r=stable&a=tmtealium&ec=0&o=30&fbp=fb.1.1604145707477.306414256&it=1604145707367&coo=false&tm=1&rqm=GET
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Sat, 31 Oct 2020 12:01:47 GMT
s25253382885428
analyticsssl.forcepoint.com/b/ss/websense-fp-prod/1/JS-2.12.0/
43 B
329 B
Image
General
Full URL
https://analyticsssl.forcepoint.com/b/ss/websense-fp-prod/1/JS-2.12.0/s25253382885428?AQB=1&ndh=1&pf=1&t=31%2F9%2F2020%2013%3A1%3A47%206%20-60&sdid=68F798A158220C74-34BD56BB3B22875C&mid=14126098783681722974034373541184079424&aamlh=6&ce=UTF-8&pageName=fp%3Ablog%3Ax%20labs%3Aphishing%20scam%20attacking%20brazil%20pix%20instant%20payment&g=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&cc=USD&ch=blog&server=www.forcepoint.com&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=blog%20article&v1=blog%20article&v2=blog&c3=blog%3Ax%20labs&v3=blog%3Ax%20labs&v4=D%3DpageName&v9=de&v10=emea%20-%20europe%2C%20middle%20east%20and%20africa&v11=english&c15=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment&v18=no%20value&c20=2336&c21=2.12.0&c22=fp%3Aus%3Ablog%3Ax%20labs%3Aphishing%20scam%20attacking%20brazil%20pix%20instant%20payment&v34=x%20labs&v35=cybercriminals%20exploit%20brazil%E2%80%99s%20pix%20instant%20payment%20platform%20in%20new%20phishing%20attack&v36=ben%20gibney&v37=2020-10-30&v47=D%3Dg&v50=D%3Dc15&v63=fp%3Aus%3Ablog%3Ax%20labs%3Aphishing%20scam%20attacking%20brazil%20pix%20instant%20payment&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=8DC067C25245AFA80A490D4C%40AdobeOrg&AQE=1
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.237.76.117 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-237-76-117.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:47 GMT
x-content-type-options
nosniff
x-c
master-1404.I1e61f9.M0-468
p3p
CP="This is not a P3P policy"
status
200
vary
*
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sun, 01 Nov 2020 12:01:47 GMT
server
jag
xserver
anedge-f7bfdfcfd-cfgbq
etag
3444876674877194240-4621686735075765870
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Fri, 30 Oct 2020 12:01:47 GMT
forms2.css
www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/
Redirect Chain
  • https://www.forcepoint.com/js/forms2/css/forms2.css
  • https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css
13 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f96c56f-33f8"
age
396196, 396196
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-7wjkb
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
3158
x-served-by
cache-mdw17347-MDW, cache-mdw17347-MDW, cache-hhn4070-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 12:47:43 GMT
server
nginx
x-timer
S1604145708.819550,VS0,VE192
date
Sat, 31 Oct 2020 12:01:48 GMT
vary
Accept-Encoding, orig-host
content-type
text/css
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:32 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes
x-styx-req-id
63395879-17d6-11eb-a160-e6110f627779
x-cache-hits
7, 0, 0, 0

Redirect headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
age
47063, 47063, 47063, 47063
x-cache
HIT, MISS, MISS, MISS
status
301
x-cache-hits
149, 0, 0, 0
content-length
0
x-served-by
cache-mdw17368-MDW, cache-mdw17327-MDW, cache-hhn4053-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145708.640326,VS0,VE139
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
x-geo-country, Cookie, orig-host
content-type
text/html; charset=UTF-8
location
https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css
cache-control
public, max-age=86400
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
464c6320-1b03-11eb-9708-ae96c617c498
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-ct4b7
forms2.css
www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/
Redirect Chain
  • https://www.forcepoint.com/js/forms2/css/forms2-theme-simple.css
  • https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css
13 KB
3 KB
Stylesheet
General
Full URL
https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"5f96c56f-33f8"
age
396196, 396196, 396196, 396196, 396196
x-pantheon-styx-hostname
styx-fe3-b-6776458c68-7wjkb
x-cache
HIT, MISS, MISS, MISS
status
200
content-length
3158
x-served-by
cache-mdw17373-MDW, cache-mdw17360-MDW, cache-hhn4071-HHN, cache-hhn4070-HHN
last-modified
Mon, 26 Oct 2020 12:47:43 GMT
server
nginx
x-timer
S1604145708.772156,VS0,VE124
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
Accept-Encoding, orig-host
content-type
text/css
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Wed, 27 Oct 2021 21:58:32 GMT
cache-control
max-age=31622400
accept-ranges
bytes, bytes, bytes, bytes, bytes
x-styx-req-id
63395879-17d6-11eb-a160-e6110f627779
x-cache-hits
75187, 0, 0, 0

Redirect headers

strict-transport-security
max-age=300
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
age
47063, 47063, 47063, 47063
x-cache
HIT, MISS, MISS, MISS
status
301
x-cache-hits
146, 0, 0, 0
content-length
0
x-served-by
cache-mdw17365-MDW, cache-mdw17379-MDW, cache-hhn4072-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145708.640698,VS0,VE124
date
Sat, 31 Oct 2020 12:01:47 GMT
vary
x-geo-country, Cookie, orig-host
content-type
text/html; charset=UTF-8
location
https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css
cache-control
public, max-age=86400
accept-ranges
bytes, bytes, bytes, bytes
x-styx-req-id
4657ab89-1b03-11eb-87e4-8e589cac6792
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-4g68v
truncated
/
648 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ba206ae667f1642cd0a35950bee63b5f3df2a147d04272a5f3aba7e2d53167aa

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
consent_tcfv2.js
s.adroll.com/j/
396 KB
55 KB
Script
General
Full URL
https://s.adroll.com/j/consent_tcfv2.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
1e8c2c1c69e177db8aab839264b26577c44af29b75cc4edb25b5021b0b4538e3

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
RrXoTAgO8kW4lHaNUHggiN0CFoNQqBuA
Content-Encoding
gzip
ETag
"14827d9b396da2c054681d43b60bfefa"
x-amz-request-id
75FD1CF45B5DC603
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
55061
x-amz-id-2
87Hntk1FQ9KerNTzh7kaTiGto6MGiLc0tqz1MqvwTE4/+GFSHUx4QutWa2o433BEieeasynzIjM=
Last-Modified
Wed, 21 Oct 2020 17:43:14 GMT
Server
AmazonS3
Date
Sat, 31 Oct 2020 12:01:47 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=300, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
favicon-32x32.png
nextroll.com/
2 KB
2 KB
Image
General
Full URL
https://nextroll.com/favicon-32x32.png
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.175.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-175-83.compute-1.amazonaws.com
Software
Apache /
Resource Hash
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 31 Oct 2020 12:01:48 GMT
Via
1.1 vegur
Last-Modified
Mon, 26 Oct 2020 19:58:15 GMT
Server
Apache
Etag
"64f-5b29859ce03c0"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1615
csp-report
www.forcepoint.com/admin/config/system/seckit/
0
3 KB
Other
General
Full URL
https://www.forcepoint.com/admin/config/system/seckit/csp-report
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::740 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com 
attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net dmp.theadex.com tag.aumago.com google-analytics.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security max-age=18410000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com 
*.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net dmp.theadex.com tag.aumago.com google-analytics.com; report-uri /admin/config/system/seckit/csp-report
content-encoding
gzip
x-content-type-options
nosniff
age
0
x-pantheon-styx-hostname
styx-fe3-a-d687769c6-2mqj6
x-cache
MISS, MISS, MISS, MISS
status
200
from-origin
same, https://analyticsssl.forcepoint.com,https://vidyard.com
vary
Accept-Encoding, x-geo-country, Cookie, orig-host
content-length
20
x-served-by
cache-mdw17336-MDW, cache-mdw17336-MDW, cache-hhn4070-HHN, cache-hhn4070-HHN
server
nginx
x-timer
S1604145708.988325,VS0,VE257
x-frame-options
SAMEORIGIN
date
Sat, 31 Oct 2020 12:01:48 GMT
strict-transport-security
max-age=18410000
content-language
en
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires
Sun, 19 Nov 1978 05:00:00 GMT
cache-control
no-cache, must-revalidate
accept-ranges
bytes, bytes, bytes
content-type
text/html; charset=UTF-8
x-styx-req-id
da7fc5f8-1b70-11eb-b605-56226c185009
x-drupal-cache
MISS
x-cache-hits
0, 0, 0, 0
1.gif
dmp.theadex.com/d/506/3014/i/
36 B
306 B
Image
General
Full URL
https://dmp.theadex.com/d/506/3014/i/1.gif?c=4242187308272478158&t=1&location=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&protocol=https%3A%2F%2F&tzo=-60&date=1604145707&sw=1600&sh=1200&sd=24&pd=24&saw=1600&sah=1200&vw=1600&vh=1200&pmd=When%20any%20new%20technology%20comes%20along%2C%20scammers%20often%20jump%20on%20the%20opportunity%20to%20use%20it%20as%20a%20lure%20to%20steal%20personal%20information.%20When%20the%20technology%20is%20backed%20by%20a%20large%20organization%20and%20intended%20for%20use%20by%20an%20entire%20country%2C%20we%20are%20bound%20to%20see%20it%20used%20in%20nefarious%20ways.&pmt=Cybercriminals%20Exploit%20Brazil%E2%80%99s%20PIX%20Instant%20Payment%20Platform%20in%20New%20Phishing%20Attack&r=b0d928f0323b619736c13e512833c07b&c=4242187308272478158&adex_consent=1&adex_consent_origin=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&adex_consent_checked=1604145707
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.163.159.104 Cloppenburg, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
nginx /
Resource Hash
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 31 Oct 2020 12:01:48 GMT
server
nginx
p3p
CP="CAO PSAa PSDa IVAa IVDa OUR UNI COM NAV"
status
200
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
content-length
36
expires
0
nr-1184.min.js
js-agent.newrelic.com/
27 KB
11 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1184.min.js
Requested by
Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:48 GMT
content-encoding
gzip
x-amz-request-id
A21809B1C987C063
x-cache
HIT
status
200
content-length
10624
x-amz-id-2
5/0iWHe8AbcxZN6Jo3BmJ2Q+tztfRSNwr+lcNTrsM79nJm6KurTN6rNwf14f8ELquc1TIDOjlf4=
x-served-by
cache-hhn4067-HHN
last-modified
Mon, 28 Sep 2020 16:34:45 GMT
server
AmazonS3
x-timer
S1604145708.232299,VS0,VE0
etag
"3d7f312be60d08a2568e311e4762f3af"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
13464
adsct
analytics.twitter.com/i/
31 B
653 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=l6a6s&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/oct.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
0
x-response-time
114
pragma
no-cache
last-modified
Sat, 31 Oct 2020 12:01:48 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
63b47afd68f875526a78c396c7fec83d
x-transaction
00e97d2800c18024
expires
Tue, 31 Mar 1981 05:00:00 GMT
adsct
analytics.twitter.com/i/
31 B
237 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o3qcd&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/oct.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 12:01:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
0
x-response-time
122
pragma
no-cache
last-modified
Sat, 31 Oct 2020 12:01:48 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
63b47afd68f875526a78c396c7fec83d
x-transaction
00aeb81e002f5966
expires
Tue, 31 Mar 1981 05:00:00 GMT
index.html
js.driftt.com/deploy/assets/ Frame 3569
0
0
Document
General
Full URL
https://js.driftt.com/deploy/assets/index.html
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1604145900000/bt3rzfauhdaf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.32.38 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-32-38.ham50.r.cloudfront.net
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
js.driftt.com
:scheme
https
:path
/deploy/assets/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts

Response headers

status
200
content-type
text/html; charset=utf-8
content-length
894
server
nginx
last-modified
Tue, 13 Oct 2020 15:05:22 GMT
x-amz-server-side-encryption
AES256
accept-ranges
bytes
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 31 Oct 2020 12:01:39 GMT
etag
"e6bb65f85e419beda3231798abde6eb3"
cache-control
max-age=10
x-cache
Hit from cloudfront
via
1.1 ddf1a4286ca5a84e441f34f1b121a3ca.cloudfront.net (CloudFront)
x-amz-cf-pop
HAM50-C1
x-amz-cf-id
bO49m7M4TGSKFX9uW42NI2HWslJGcgKCnqyUCtrp94Q-zzAwgTGN5A==
age
9
ab8aacbcff
bam.nr-data.net/1/
57 B
275 B
Script
General
Full URL
https://bam.nr-data.net/1/ab8aacbcff?a=452344952&v=1184.ab39b52&to=M1NVYEFVXUQCUU1cDAoZdldHXVxZTEJYUgY7W1ZaUlNWRTxcVlEGO0BeUURrQ1YEVw%3D%3D&rst=3911&ck=1&ref=https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment&ap=1246&be=1813&fe=3625&dc=2660&perf=%7B%22timing%22:%7B%22of%22:1604145704545,%22n%22:0,%22f%22:363,%22dn%22:363,%22dne%22:370,%22c%22:370,%22s%22:375,%22ce%22:382,%22rq%22:383,%22rp%22:1792,%22rpe%22:1800,%22dl%22:1800,%22di%22:2659,%22ds%22:2659,%22de%22:2699,%22dc%22:3623,%22l%22:3624,%22le%22:3837%7D,%22navigation%22:%7B%7D%7D&fp=2148&fcp=2665&at=HxRWFglPTko%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.18 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-6.nr-data.net
Software
/
Resource Hash
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
57
Content-Type
text/javascript;charset=ISO-8859-1
index.html
ws.sharethis.com/secure5x/ Frame 46F9
0
0
Document
General
Full URL
https://ws.sharethis.com/secure5x/index.html
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2093:1400:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash

Request headers

:method
GET
:authority
ws.sharethis.com
:scheme
https
:path
/secure5x/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts

Response headers

status
200
content-type
text/html
content-length
4080
content-encoding
gzip
last-modified
Fri, 09 Oct 2020 19:01:02 GMT
server
nginx/1.16.1
x-robots-tag
noindex, nofollow
date
Sat, 31 Oct 2020 02:09:21 GMT
etag
"5f80b36e-390f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 6c314f9bc806736c483494e492792b33.cloudfront.net (CloudFront)
x-amz-cf-pop
HAM50-C1
x-amz-cf-id
5LG4msFkCiB8QaDjVmnQVrLtEoIYqz8WJLoW5W0XlLvc9GNWKecYGA==
age
35548
ab8aacbcff
bam.nr-data.net/events/1/
24 B
185 B
XHR
General
Full URL
https://bam.nr-data.net/events/1/ab8aacbcff?a=452344952&v=1184.ab39b52&to=M1NVYEFVXUQCUU1cDAoZdldHXVxZTEJYUgY7W1ZaUlNWRTxcVlEGO0BeUURrQ1YEVw%3D%3D&rst=13911&ck=1&ref=https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.18 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-6.nr-data.net
Software
/
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.forcepoint.com
Access-Control-Allow-Credentials
true
Content-Length
24
Content-Type
image/gif


213 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes object| NREUM object| newrelic function| __nr_require object| html5 object| Modernizr function| $ function| jQuery object| Drupal object| jQuery111208396368872810447 object| MktoForms2 function| MarketoForm function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin function| DP_jQuery_1604145706683 number| _vis_opt_account_id string| _vis_opt_protocol string| _vis_opt_script1src string| _vis_opt_script2src function| _vis_opt_loadScript number| _vwo_acc_id object| _vwo_exp_ids object| _vwo_exp boolean| _vis_opt_settings_loaded string| _vwo_cookieDomain string| _vwo_uuid string| _vwo_lib_cb string| _vwo_mt string| _vwo_tm object| vwo_iehack_queue object| VWO object| _vwo_pa string| _vwo_opa_cb string| _vwo_worker_cb string| _vis_opt_file_name function| vwo_$ string| _vwo_server_url object| _vis_opt_queue object| _vis_opt_check_segment object| _vwo_evq function| _vwo_ev object| _vwo_t object| _vwo_api_section_callback object| _vis_opt_comb_name function| _vwo_s object| _vwo_campaignData function| _vis_opt_top_initialize function| _vis_opt_bottom_initialize function| _vis_opt_goal_conversion function| _vis_opt_revenue_conversion function| _vis_opt_pause function| _vis_opt_readCookie function| _vis_opt_createCookie function| _vis_opt_element_loaded function| _vis_opt_GA_track function| _vis_opt_register_conversion function| _vis_opt_get_campaign_xPath number| _vis_opt_experiment_id boolean| switchTo5x boolean| useFastShare function| lazyloaderDebounceOrThrottle object| echo object| stlib function| _$d function| _$d0 function| _$d_ function| _$d1 function| _$d2 function| _$de function| _$dt object| _all_services boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus string| customProduct string| stWidgetVersion object| stButtons object| stWidget boolean| sop_pview_logged object| 
ShareThisEvent object| stLight boolean| st_showing object| utag_data function| Waypoint object| AOS function| setCookie function| getParam object| gclid undefined| gclsrc function| picturefill object| options number| ___vwo boolean| DISABLE_NATIVE_CONSTANTS object| __nls function| init_hash boolean| showHoverbarReskinned boolean| isEsiLoaded boolean| stShowNewMobileWidget boolean| isMobileButtonLoaded boolean| stRecentServices boolean| iswhatsappCustomButton boolean| isKikCustomButton boolean| stIsLoggedIn object| servicesLoggedIn object| stFastShareObj object| stButtonsLib function| Shareable function| shareLog string| __stPubGA object| async_buttons function| foursquareCallback function| __stgetPubGA function| plusoneCallback string| typeName boolean| openWidget object| utag_err boolean| utag_condload object| utag object| e object| s function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_ActivityMap object| _linkedin string| _linkedin_data_partner_id object| adroll_custom_data string| adroll_conversion_value string| adroll_conversion_value_in_dollars string| adroll_adv_id string| adroll_pix_id boolean| __adroll_loaded object| adroll_record_user function| _tealium_old_error boolean| __tealium_twc_switch object| adobe function| Visitor object| s_c_il number| s_c_in number| s_objectID number| s_giq string| GoogleAnalyticsObject function| ga string| gtagRename object| dataLayer function| gtag function| fbq function| _fbq object| _adexc function| tealiumGetResourceSearchData function| tealiumTrackResourceSearch function| tealiumTrackResourceClicks number| tn number| f function| drift function| driftt function| twq object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager string| adroll_sid object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks function| adroll_tpc_callback object| twttr object| Bizible object| 
BizTrackingA object| BizA object| LC_API function| lintrk boolean| _already_called_lintrk object| __core-js_shared__ object| platform boolean| __DRIFTT_WIDGET_INCLUDED__ string| __DRIFT_INSTANCE_ID__ boolean| __DRIFTT_SHOW_WIDGET_ON_BOOT__ object| MunchkinTracker function| _h object| adex function| s_doPlugins function| AppMeasurement_Module_Media function| __cmp object| ube object| s_i_websense-fp-prod object| jQuery1124039627586742333665 object| __adroll_consent boolean| __adroll_consent_is_gdpr object| __adroll_consent_data string| __adroll_consent_user_country string| __adroll_consent_adv_country object| $jscomp string| BANNER_VERSION string| TCF_VERSION string| IABWRITE_NO_COOKIE object| __adroll_consent_banner object| __adroll_consent_prev_lastchild object| adroll_exp_list string| arg string| baseURL string| messageSet

32 Cookies


8 Console Messages

Source Level URL
Text
console-api debug URL: https://info.silobreaker.com/e2t/sc2/MmZ-8yjP2lLW92yj776WlVC4W7mPLJB4NPvYzW3JtyMM5VBkfndBBD6x04(Line 13)
Message:
toS
console-api log URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js(Line 2)
Message:
start VWO sync section
console-api log URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js(Line 5)
Message:
VWO load https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts&random=0.8317976241496603
console-api log URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js(Line 9)
Message:
VWO loaded
console-api log URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts(Line 95)
Message:
VWO load https://d5phz18u4wuww.cloudfront.net/vis_opt.js
console-api log URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts(Line 95)
Message:
VWO top initialize
console-api log URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz--V6tzdZhpiIQjBPNdOTY0IRn0aE6WyYQqEiF5sF0TkpAgXBlsPkVXe-5EuNbBz7bN9P4P2KsKL3I7vy4XZUp42pA6JUjp-s5TRkqxRhsiP4C2T0Ts(Line 95)
Message:
VWO bottom initialize
console-api warning URL: https://connect.facebook.net/en_US/fbevents.js(Line 23)
Message:
[Facebook Pixel] - Duplicate Pixel ID: 168348421119586.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
