cofense.com Open in urlscan Pro
141.193.213.20 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Submission: On May 18 via api (May 18th 2023, 2:10:36 am UTC) from TR — Scanned from DE

Summary HTTP 229 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 38 IPs in 4 countries across 31 domains to perform 229 HTTP transactions. The main IP is 141.193.213.20, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is cofense.com. The Cisco Umbrella rank of the primary domain is 562921.
TLS certificate: Issued by R3 on May 5th 2023. Valid for: 3 months.

This is the only time cofense.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 84	141.193.213.20 141.193.213.20	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
6	2606:4700::68... 2606:4700::6812:1105	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1495	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
10	95.101.111.170 95.101.111.170	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7ec6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.73.0.225 52.73.0.225	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6810:650c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.102.38.132 104.102.38.132	16625 (AKAMAI-AS) (AKAMAI-AS)
1	143.204.98.30 143.204.98.30	16509 (AMAZON-02) (AMAZON-02)
71	18.66.112.118 18.66.112.118	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:d9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2620:1ec:4f:1... 2620:1ec:4f:1::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	146.75.118.109 146.75.118.109	54113 (FASTLY) (FASTLY)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	185.89.210.90 185.89.210.90	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2a02:26f0:340... 2a02:26f0:3400::215:4f28	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	52.20.195.32 52.20.195.32	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:20e... 2600:9000:20eb:b400:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
2	3.124.207.209 3.124.207.209	16509 (AMAZON-02) (AMAZON-02)
3	104.211.35.148 104.211.35.148	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.70.128.149 52.70.128.149	14618 (AMAZON-AES) (AMAZON-AES)
12	50.16.7.188 50.16.7.188	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:4700::68... 2606:4700::6812:1005	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.188.42.15 35.188.42.15	15169 (GOOGLE) (GOOGLE)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.217.234.82 52.217.234.82	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:8d:... 2a04:4e42:8d::720	54113 (FASTLY) (FASTLY)
229	38

84 141.193.213.20 (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

cofense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:1105 (United States)

ASN13335 (CLOUDFLARENET, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 95.101.111.170 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-170.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7ec6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.73.0.225 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-0-225.compute-1.amazonaws.com

lltrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.38.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-38-132.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-30.fra50.r.cloudfront.net

static.oktopost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

71 18.66.112.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-118.fra56.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:4f:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.118.109 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

extend.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.90 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3400::215:4f28 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.20.195.32 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-195-32.compute-1.amazonaws.com

okt.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:b400:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

404-jhu-612.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.207.209 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-207-209.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.211.35.148 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

y.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.70.128.149 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-70-128-149.compute-1.amazonaws.com

app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 50.16.7.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-7-188.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
targeting.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
flow.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1005 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.188.42.15 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 15.42.188.35.bc.googleusercontent.com

sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.234.82 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-east-1-r-w.amazonaws.com

qualified-production.s3.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:8d::720 (United States)

ASN54113 (FASTLY, US)

driftt.imgix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
84	cofense.com 1 redirects cofense.com — Cisco Umbrella Rank: 562921	720 KB
71	driftt.com js.driftt.com — Cisco Umbrella Rank: 5156	860 KB
12	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 6062 metrics.api.drift.com — Cisco Umbrella Rank: 5922 event.api.drift.com — Cisco Umbrella Rank: 6560 targeting.api.drift.com — Cisco Umbrella Rank: 6280 flow.api.drift.com — Cisco Umbrella Rank: 11202	12 KB
12	6sc.co j.6sc.co — Cisco Umbrella Rank: 5474 c.6sc.co — Cisco Umbrella Rank: 8348 ipv6.6sc.co — Cisco Umbrella Rank: 5745 b.6sc.co — Cisco Umbrella Rank: 3818	15 KB
9	qualified.com js.qualified.com — Cisco Umbrella Rank: 22707 app.qualified.com — Cisco Umbrella Rank: 24191 assets.qualified.com — Cisco Umbrella Rank: 25235	855 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 952 y.clarity.ms — Cisco Umbrella Rank: 8132 c.clarity.ms — Cisco Umbrella Rank: 1495	27 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 339 www.linkedin.com — Cisco Umbrella Rank: 603 px4.ads.linkedin.com — Cisco Umbrella Rank: 6328	4 KB
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3686 www.google.com — Cisco Umbrella Rank: 2	713 B
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 30	21 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 14310 ibc-flow.techtarget.com — Cisco Umbrella Rank: 16318	2 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9870	571 B
2	google.de www.google.de — Cisco Umbrella Rank: 6080	515 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 76	393 B
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3129	7 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	188 KB
1	imgix.net driftt.imgix.net — Cisco Umbrella Rank: 14532	24 KB
1	amazonaws.com qualified-production.s3.us-east-1.amazonaws.com — Cisco Umbrella Rank: 36964	7 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 232	738 B
1	sentry.io sentry.io — Cisco Umbrella Rank: 219	442 B
1	mktoresp.com 404-jhu-612.mktoresp.com	318 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 825	375 B
1	okt.to okt.to — Cisco Umbrella Rank: 26502	100 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 417	813 B
1	vimeocdn.com extend.vimeocdn.com — Cisco Umbrella Rank: 9082	6 KB
1	oktopost.com static.oktopost.com — Cisco Umbrella Rank: 31944	4 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4061	2 KB
1	lltrck.com lltrck.com — Cisco Umbrella Rank: 27508
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 725	5 KB
1	gstatic.com fonts.gstatic.com	38 KB
1	typekit.net p.typekit.net — Cisco Umbrella Rank: 581	186 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	1 KB
229	31

	Domain	Requested by
84	cofense.com	1 redirects cofense.com
71	js.driftt.com	cofense.com js.driftt.com
7	assets.qualified.com	cofense.com app.qualified.com
7	b.6sc.co	cofense.com
4	targeting.api.drift.com	js.driftt.com
3	y.clarity.ms	www.clarity.ms
3	px.ads.linkedin.com	3 redirects
3	www.google-analytics.com	www.googletagmanager.com cofense.com
2	flow.api.drift.com	js.driftt.com
2	event.api.drift.com	js.driftt.com
2	metrics.api.drift.com	js.driftt.com
2	c.clarity.ms	1 redirects
2	bootstrap.api.drift.com	js.driftt.com
2	epsilon.6sense.com	j.6sc.co
2	www.google.de	cofense.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
2	ipv6.6sc.co	j.6sc.co
2	c.6sc.co	j.6sc.co
2	ibc-flow.techtarget.com	trk.techtarget.com
2	www.clarity.ms	cofense.com www.clarity.ms
2	munchkin.marketo.net	cofense.com munchkin.marketo.net
2	www.googletagmanager.com	cofense.com www.googletagmanager.com
1	driftt.imgix.net
1	qualified-production.s3.us-east-1.amazonaws.com
1	c.bing.com	1 redirects
1	sentry.io	assets.qualified.com
1	app.qualified.com	js.qualified.com
1	www.google.com	cofense.com
1	404-jhu-612.mktoresp.com	munchkin.marketo.net
1	px4.ads.linkedin.com	cofense.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	okt.to	static.oktopost.com
1	secure.adnxs.com	j.6sc.co
1	extend.vimeocdn.com	www.googletagmanager.com
1	trk.techtarget.com	cofense.com
1	static.oktopost.com	cofense.com
1	ws.zoominfo.com	cofense.com
1	lltrck.com	cofense.com
1	snap.licdn.com	www.googletagmanager.com
1	j.6sc.co	cofense.com
1	fonts.gstatic.com	fonts.googleapis.com
1	p.typekit.net	cofense.com
1	js.qualified.com	cofense.com
1	fonts.googleapis.com	cofense.com
229	46

This site contains links to these domains. Also see Links.

Domain
cofense.zendesk.com
go.cofense.com
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
wpml.org

Subject Issuer	Validity	Valid
cofense.com R3	`2023-05-05` - `2023-08-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-11` - `2024-04-10`	a year	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
6sc.co R3	`2023-03-11` - `2023-06-09`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
lltrck.com Go Daddy Secure Certificate Authority - G2	`2022-07-25` - `2023-08-26`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
*.oktopost.com Amazon RSA 2048 M01	`2023-02-28` - `2023-10-27`	8 months	crt.sh
drift.com Amazon RSA 2048 M02	`2023-03-01` - `2023-09-21`	7 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-12-01` - `2023-12-01`	a year	crt.sh
*.vimeocdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q1	`2023-02-18` - `2024-03-21`	a year	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-04-03` - `2023-07-03`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
okt.to R3	`2023-03-24` - `2023-06-22`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-02-24` - `2023-08-06`	5 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
app.qualified.com R3	`2023-03-22` - `2023-06-20`	3 months	crt.sh
sentry.io DigiCert TLS RSA SHA256 2020 CA1	`2022-06-03` - `2023-07-04`	a year	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2023-04-11` - `2023-12-20`	8 months	crt.sh
*.imgix.com GlobalSign Atlas R3 DV TLS CA 2023 Q1	`2023-03-05` - `2024-04-05`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Frame ID: 1BE0F5B72E1137CEC34263F9EB102D55
Requests: 145 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
Frame ID: 2D511376D2D2D95D8CCDCCA30E1917E8
Requests: 41 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
Frame ID: BB61CC97C6E82A1AEB2450C3E3B7CA1C
Requests: 36 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=f11f21a6-de16-4d5c-90f8-0f3f66e5b8d5
Frame ID: 83335319D2A49D1E8E87E59256D8940D
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

(1) New Messages!

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

229
Requests

98 %
HTTPS

51 %
IPv6

31
Domains

46
Subdomains

38
IPs

4
Countries

2797 kB
Transfer

8263 kB
Size

39
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://cofense.zendesk.com/auth/v2/login/signin
Title: Customer Resource Center

Search URL Search Domain Scan URL

URL: https://go.cofense.com/live-demo/
Title: Get a Demo

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Cofense/
Title: Facebook-f

Search URL Search Domain Scan URL

URL: https://twitter.com/cofense
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/11500065/
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCbvJmFk-Pwf85UbGI9-EGxw
Title: Youtube

Search URL Search Domain Scan URL

URL: https://wpml.org/
Title: wpml.org

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 83

https://cofense.com/wp-content/uploads/2022/05/Inter-Medium.ttf HTTP 301
https://cofense.com/

Request Chain 119

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1684375830560&url=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1684375830560&url=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D300721%26time%3D1684375830560%26url%3Dhttps%253A%252F%252Fcofense.com%252Fblog%252Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1684375830560&url=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1684375830560&url=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQIPMsZZzHR9NgAAAYgsn4RrDnsyKznEMSyproJepkxM7taZYzB-P5oYx964B8rW7yJ7fX-xVEfa0GZbAsD-urOX7x4VIQ

Request Chain 209

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=A336801B9280418DB4F32DEC61AB8D5D&RedC=c.clarity.ms&MXFR=1549A7451990665612C1B4501D90682E HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=A336801B9280418DB4F32DEC61AB8D5D&MUID=1E65DAF8503D6738008BC9ED5156661A

229 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/ 137 KB
26 KB 506ms
452ms Document
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / WP Engine
Resource Hash: a4c2dc7043f4e47798e8884cc62a1f2004775772516af31a5acd806a2de75db2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=2419200, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7c909063cc7803a6-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 18 May 2023 02:10:29 GMT
last-modified: Wed, 17 May 2023 10:36:09 GMT
link: <https://cofense.com/wp-json/>; rel="https://api.w.org/" <https://cofense.com/wp-json/wp/v2/posts/102425>; rel="alternate"; type="application/json" <https://cofense.com/?p=102425>; rel=shortlink
server: cloudflare
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 230
x-cache-group: normal
x-cacheable: YES:2419200.000
x-pingback: https://cofense.com/xmlrpc.php
x-powered-by: WP Engine

GET
H2 200 css
fonts.googleapis.com/ 21 KB
1 KB 65ms
34ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Inter%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a021e5ef7022a556c759cca4e248f10383d65a1cd4df600dae57ea37ca481073

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 18 May 2023 01:34:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 18 May 2023 02:10:29 GMT

GET
H2 200 style.min.css
cofense.com/wp-includes/css/dist/block-library/ 95 KB
13 KB 40ms
25ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 May 2023 20:40:01 GMT
server: cloudflare
age: 18415
etag: W/"645d52a1-17ced"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066be4103a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 classic-themes.min.css
cofense.com/wp-includes/css/ 291 B
274 B 38ms
23ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-includes/css/classic-themes.min.css?ver=6.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 May 2023 20:40:00 GMT
server: cloudflare
age: 18415
etag: W/"645d52a0-123"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066be4303a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 styles.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/ 57 KB
7 KB 39ms
24ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/styles.css?ver=1684356703
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cc15bc3d3dda4e699624aae9727570dd1cb7cfa4535a074a453e1437e279d21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:43 GMT
server: cloudflare
age: 18416
etag: W/"64653e5f-e379"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066be4403a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 style.min.css
cofense.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/ 908 B
372 B 51ms
37ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22a79f1fbcc70373c7021bae2164d9232d1e9dd3c6a163df9f9f54070e5f6b50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:14 GMT
server: cloudflare
age: 18416
etag: W/"64405226-38c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066be4603a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 style.min.css
cofense.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/ 258 B
212 B 38ms
23ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b9257e3e9c959214ddfab833a69a021ae6557403efe76afcbee259621175274

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:14 GMT
server: cloudflare
age: 18415
etag: W/"64405226-102"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066be4703a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 style.css
cofense.com/wp-content/cache/min/1/wp-content/themes/cofense/ 8 KB
3 KB 40ms
25ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/cache/min/1/wp-content/themes/cofense/style.css?ver=1684356703
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3dfc3f03106f85ab56ceaadf44433f35cca4209d64922d50a1c650c90aa60ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:43 GMT
server: cloudflare
age: 18415
etag: W/"64653e5f-1fc3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066be4803a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 404 custom.css
cofense.com/wp-content/themes/cofense/css/ 0
0 476ms
461ms Stylesheet
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/themes/cofense/css/custom.css?ver=6.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/html
cf-ray: 7c909066be4903a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 404 testing.css
cofense.com/wp-content/themes/cofense/css/ 0
0 152ms
138ms Stylesheet
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/themes/cofense/css/testing.css?ver=6.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/html
cf-ray: 7c909066be4a03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 elementor-icons.min.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
4 KB 41ms
26ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=1684356703
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02a76dc0b61a8e0a92b77ca42acc3d45bb580a82576b624bc7181336376ef375

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:43 GMT
server: cloudflare
age: 18415
etag: W/"64653e5f-4d7e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066be4b03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 frontend-lite.min.css
cofense.com/wp-content/plugins/elementor/assets/css/ 82 KB
11 KB 42ms
28ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.13.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fde087c9787c0e8f06c39fae532bf7b481c06259272f492ebe87634fe54ea162

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:45 GMT
server: cloudflare
age: 18415
etag: W/"645e6889-1466c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066be4c03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 swiper.min.css
cofense.com/wp-content/plugins/elementor/assets/lib/swiper/css/ 13 KB
2 KB 56ms
42ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
age: 18415
etag: W/"64405228-324c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce4e03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-15.css
cofense.com/wp-content/uploads/elementor/css/ 6 KB
1 KB 34ms
20ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-15.css?ver=1684356700
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82b28becadf6ab1c3eaf14ee8bf08e65a5f138234f83f6b026e43ff171823d66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:40 GMT
server: cloudflare
age: 18415
etag: W/"64653e5c-1995"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce4f03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 frontend-lite.min.css
cofense.com/wp-content/plugins/elementor-pro/assets/css/ 11 KB
2 KB 35ms
21ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.13.1
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 879b72c4a0278d58c37dbced4e86616f012fa8dc0aa70350cd0dbbf17c062571

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:42 GMT
server: cloudflare
age: 18415
etag: W/"645e6886-2c4b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5003a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-102425.css
cofense.com/wp-content/uploads/elementor/css/ 134 B
195 B 57ms
44ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-102425.css?ver=1684356702
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca4b8bc30efe3bc477a4699a51c7ca0ba2cf24f24f02d3b861453a1aac7d0fb6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:42 GMT
server: cloudflare
age: 527
etag: W/"64653e5e-86"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5103a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-93807.css
cofense.com/wp-content/uploads/elementor/css/ 3 KB
663 B 81ms
67ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-93807.css?ver=1684356700
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3c983227e71c4f8da7d9af830cde723a94fd1a3a712e666c1f389dfac405bb9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:40 GMT
server: cloudflare
age: 18415
etag: W/"64653e5c-b4b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5203a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-1266.css
cofense.com/wp-content/uploads/elementor/css/ 19 KB
2 KB 84ms
70ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-1266.css?ver=1684356700
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 727a730eda79071d5f02ba91d752c3feed10e0cd63a9c042f298390c24f85236

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:40 GMT
server: cloudflare
age: 18415
etag: W/"64653e5c-4ba3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5303a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-1271.css
cofense.com/wp-content/uploads/elementor/css/ 16 KB
2 KB 66ms
52ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-1271.css?ver=1684356700
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0cbf6e774cef56a187b12fea61250b10a013df245ca8ed9c47bf3f18f8a7696b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:40 GMT
server: cloudflare
age: 18415
etag: W/"64653e5c-3e58"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5403a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-1386.css
cofense.com/wp-content/uploads/elementor/css/ 11 KB
2 KB 45ms
32ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-1386.css?ver=1684356700
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f468279f26e593cb95007007c5a99d4f5b185fb8f8626717d86b767b118f431

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:40 GMT
server: cloudflare
age: 527
etag: W/"64653e5c-2df2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5603a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 widget-styles.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/ 439 KB
51 KB 76ms
63ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=1684356703
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: aebf3a5076b724c0097b17849789e5b72ab7a54d91fae262585b0266c2670b23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:43 GMT
server: cloudflare
age: 18415
etag: W/"64653e5f-6db32"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5703a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 responsive.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/ 30 KB
3 KB 44ms
31ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=1684356703
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73b2fdcf25aa909c7b0f072cf791066350ab834ca1d0d01ef096bb5583318213

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:43 GMT
server: cloudflare
age: 18415
etag: W/"64653e5f-764b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5803a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 ecs-style.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/ele-custom-skin/assets/css/ 6 KB
1 KB 45ms
33ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/ele-custom-skin/assets/css/ecs-style.css?ver=1684356703
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8cbc49b1385bf29debe95333f04795a6e3a2cf218d88b415b29872d06491fd1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:43 GMT
server: cloudflare
age: 18415
etag: W/"64653e5f-19b2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5903a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-1462.css
cofense.com/wp-content/uploads/elementor/css/ 2 KB
731 B 67ms
55ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-1462.css?ver=1671033592
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b89b6165327872066d09bf529b6f131b238a193e71a8ab9108b2ea40ae92d3f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:52:20 GMT
server: cloudflare
age: 18415
etag: W/"64653e84-88b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5a03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 fontawesome.min.css
cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 57 KB
12 KB 78ms
66ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 05 Jan 2023 21:47:34 GMT
server: cloudflare
age: 11391892
etag: W/"63b74576-e238"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5b03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 solid.min.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 1 KB
436 B 68ms
56ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=1684356703
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc7e118b7e07217031d017282955569cb66891f527050135caadb2dd5779824f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:43 GMT
server: cloudflare
age: 527
etag: W/"64653e5f-43a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5c03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 brands.min.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 1 KB
406 B 42ms
30ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=1684356703
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8449a28a151415d580be1dfd69056906199f1dd6ceb2c1b5edf61950ada9d13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:43 GMT
server: cloudflare
age: 527
etag: W/"64653e5f-440"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5d03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
cofense.com/wp-includes/js/jquery/ 88 KB
31 KB 56ms
44ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.3
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 May 2023 20:39:58 GMT
server: cloudflare
age: 9335
etag: W/"645d529e-15ed7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce7003a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery-migrate.min.js Show response
cofense.com/wp-includes/js/jquery/ 13 KB
5 KB 52ms
40ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 May 2023 20:39:58 GMT
server: cloudflare
age: 527
etag: W/"645d529e-3470"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce7103a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 language-cookie.js Show response
cofense.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/ 226 B
231 B 48ms
36ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.6.3
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71966cb221a057ee9313fb232e40c7a0a70d2e472909c3947f4878c8e195ad53

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:14 GMT
server: cloudflare
age: 527
etag: W/"64405226-e2"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce7203a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 ecs_ajax_pagination.js Show response
cofense.com/wp-content/plugins/ele-custom-skin/assets/js/ 4 KB
1 KB 59ms
47ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/ele-custom-skin/assets/js/ecs_ajax_pagination.js?ver=3.1.7
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95af163892829a3ef249441b70b2c8281b845edea4b24680d3326486861d6082

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:17 GMT
server: cloudflare
age: 527
etag: W/"64405229-ecb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce7303a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 ecs.js Show response
cofense.com/wp-content/plugins/ele-custom-skin/assets/js/ 284 B
304 B 51ms
39ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/ele-custom-skin/assets/js/ecs.js?ver=3.1.7
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 566d4c5dfefc9c4d867e6bef080917a4273b4228731a8700e81f1763eae3d861

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
age: 527
etag: W/"64405228-11c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce7403a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 zlo5wor.css
cofense.com/wp-content/cache/min/1/ 816 B
387 B 51ms
40ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/cache/min/1/zlo5wor.css?ver=1684356703
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c1a5c4b5574a4104a92b2e700e6f0fc5b001c4297ebc5a1e76d67b1fbeb1c2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:43 GMT
server: cloudflare
age: 527
etag: W/"64653e5f-330"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce5e03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 qualified.js Show response
js.qualified.com/ 577 KB
143 KB 446ms
412ms Script
text/javascript 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7db64528c3a512e392a9d8a3ea52a192b088bb809926475d9afe703fcc769806

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: gzip
via: 1.1 spaces-router (e46a9e002bdb)
strict-transport-security: max-age=63072000; includeSubDomains
cf-cache-status: MISS
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: 57c63a3a-f96a-cbe3-8f0e-ce25f25201f2
pragma: no-cache
x-runtime: 0.019255
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"7db64528c3a512e392a9d8a3ea52a192"
x-download-options: noopen
vary: Accept,Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 7c909067f8aa381b-FRA
expires: Thu, 18 May 2023 06:10:30 GMT

GET
H2 200 widget-nav-menu.min.css
cofense.com/wp-content/plugins/elementor-pro/assets/css/ 26 KB
3 KB 57ms
45ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/css/widget-nav-menu.min.css
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4269d080795dd196c4df94822c88ff9c5d8dc5c2e1ca78371af88f9887df2a03

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:43 GMT
server: cloudflare
age: 527
etag: W/"645e6887-67e4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6003a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 widget-icon-list.min.css
cofense.com/wp-content/plugins/elementor/assets/css/ 10 KB
1 KB 52ms
41ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed83017a905156aab441dfb38df329582a3f5d178248f2b085ce082af97e15a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 05 Jan 2023 21:47:34 GMT
server: cloudflare
age: 11384957
etag: W/"63b74576-2673"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6103a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 widget-theme-elements.min.css
cofense.com/wp-content/plugins/elementor-pro/assets/css/ 10 KB
2 KB 79ms
68ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/css/widget-theme-elements.min.css
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68391267b7be9baf7d254da6b10ae55f6dad95f475da47e115b383d0a1b11bf5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:43 GMT
server: cloudflare
age: 6218
etag: W/"645e6887-26fc"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6203a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 widget-share-buttons.min.css
cofense.com/wp-content/plugins/elementor-pro/assets/css/ 30 KB
2 KB 80ms
69ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/css/widget-share-buttons.min.css
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3712503bb918df807d914560581fd3a9a80fea3b4321467119699669b48571e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:43 GMT
server: cloudflare
age: 527
etag: W/"645e6887-777b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6303a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 widget-posts.min.css
cofense.com/wp-content/plugins/elementor-pro/assets/css/ 14 KB
2 KB 58ms
47ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/css/widget-posts.min.css
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6d43b4adbc46130383d2e36d8ab9ecfa4ea32e3c7f360e05343a7476d639f0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:43 GMT
server: cloudflare
age: 527
etag: W/"645e6887-374b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6503a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-9276.css
cofense.com/wp-content/uploads/elementor/css/ 5 KB
859 B 71ms
60ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-9276.css?ver=1684356701
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a7d5d0c9c86dc2db1249eee49e178e16885d04b41f20cab6e5ad4e5a51f89af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:41 GMT
server: cloudflare
age: 527
etag: W/"64653e5d-12e5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6603a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-9277.css
cofense.com/wp-content/uploads/elementor/css/ 5 KB
749 B 45ms
35ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-9277.css?ver=1684356701
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b6282f417900055c604419822eb0ff788d325f23c9eca94146e3086177e8f0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:41 GMT
server: cloudflare
age: 527
etag: W/"64653e5d-15ce"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6703a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-9907.css
cofense.com/wp-content/uploads/elementor/css/ 3 KB
513 B 46ms
35ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-9907.css?ver=1684356701
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3e04a15bb017b906d4834cb5da6e3ea409b5da37a0cd9cec4b62a496f8560a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:41 GMT
server: cloudflare
age: 2244
etag: W/"64653e5d-a0d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6803a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-94175.css
cofense.com/wp-content/uploads/elementor/css/ 3 KB
517 B 48ms
37ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-94175.css?ver=1684356701
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5cc98a7681a840c7940cf675360a0def2ffacf2ea52b046ce5354a9ee873dd8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:41 GMT
server: cloudflare
age: 527
etag: W/"64653e5d-a1e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6a03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-94173.css
cofense.com/wp-content/uploads/elementor/css/ 3 KB
494 B 52ms
41ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-94173.css?ver=1684356701
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: eaf3fbeb37e264707dd55409d3e8729dbbf6fdc39536e3961c59ec0a4ebad5f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:41 GMT
server: cloudflare
age: 527
etag: W/"64653e5d-a1e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6b03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 regular.min.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 1 KB
400 B 44ms
33ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=1684356703
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f42fa1fe21c3cdf7ccfa09bfb44d1325bd3713e1ddb82e661e2c28002eef957

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:43 GMT
server: cloudflare
age: 527
etag: W/"64653e5f-442"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6c03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 post-96724.css
cofense.com/wp-content/uploads/elementor/css/ 6 KB
1 KB 53ms
43ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/uploads/elementor/css/post-96724.css?ver=1684356701
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 898af87758a66841b8b37df0d1b8b89b65c6cfc78e63e1031372ce49c7c80e83

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 17 May 2023 20:51:41 GMT
server: cloudflare
age: 527
etag: W/"64653e5d-19ab"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6d03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 animations.min.css
cofense.com/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 61ms
51ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.13.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:17 GMT
server: cloudflare
age: 527
etag: W/"64405229-4824"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce6e03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 lazysizes.min.js Show response
cofense.com/wp-content/plugins/ewww-image-optimizer/includes/ 14 KB
5 KB 56ms
46ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=700
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c05a1108c176130e9dff2f6a5ebdb60be1c3e17b5a8f83de35b29f44fb109434

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
age: 527
etag: W/"64405228-3860"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce7603a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 navigation.js Show response
cofense.com/wp-content/themes/cofense/js/ 3 KB
1 KB 62ms
52ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/themes/cofense/js/navigation.js?ver=1.0.0
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ee0654259fda0bbfeab4305b895e740659613080d90352bd36c1452fd426ef6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 10 Mar 2023 17:41:42 GMT
server: cloudflare
age: 5805234
etag: W/"640b6bd6-ba4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce7703a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 frontend-script.js Show response
cofense.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/ 40 B
172 B 79ms
70ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=2.8.8
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
age: 527
etag: "64405228-28"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c909066ce7803a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 40

GET
H2 200 widget-scripts.js Show response
cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 134 KB
37 KB 66ms
57ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=2.8.8
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cdaa4c91b5bc3dd4ce8e1345b453844dd414602022a182ce2853d87bd4b9a9d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
age: 527
etag: W/"64405228-2193f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce7903a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 heartbeat.js Show response
cofense.com/wp-content/plugins/wp-rocket/assets/js/ 0
82 B 47ms
38ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/wp-rocket/assets/js/heartbeat.js?ver=3.13.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:13 GMT
server: cloudflare
age: 527
etag: "64405225-0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c909066ce7a03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H2 200 jquery.smartmenus.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/ 25 KB
7 KB 65ms
56ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 533e264cc615ee4601da8d2c1dee4a8987319e53d4d7162272f067fbbf250020

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
age: 527
etag: W/"64405228-6272"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce7b03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 imagesloaded.min.js Show response
cofense.com/wp-includes/js/ 5 KB
2 KB 48ms
38ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:40:39 GMT
server: cloudflare
age: 18466
etag: W/"644051c7-15fd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce7c03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 webpack-pro.runtime.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
2 KB 71ms
62ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.13.1
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2ae4a1938fe6071ac16a5d359018cf424002cc8e14f23fa9c43dd1f51d4fcc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:42 GMT
server: cloudflare
age: 527
etag: W/"645e6886-156d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce7f03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 webpack.runtime.min.js Show response
cofense.com/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 53ms
44ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.13.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: eceee9cbf2cb380924bf8ddcff80de363cf46f7dc35bb336bd2bd08af878bbe2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:45 GMT
server: cloudflare
age: 2244
etag: W/"645e6889-135e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8003a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 frontend-modules.min.js Show response
cofense.com/wp-content/plugins/elementor/assets/js/ 45 KB
14 KB 57ms
48ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.13.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2fbefccb4ad6c46120918789e367472752f9a20395e5bbf954ef3dc0f3e515ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:44 GMT
server: cloudflare
age: 527
etag: W/"645e6888-b263"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8103a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 wp-polyfill-inert.min.js Show response
cofense.com/wp-includes/js/dist/vendor/ 8 KB
3 KB 68ms
59ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 May 2023 20:39:59 GMT
server: cloudflare
age: 527
etag: W/"645d529f-1feb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8203a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 regenerator-runtime.min.js Show response
cofense.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 67ms
59ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 May 2023 20:39:59 GMT
server: cloudflare
age: 527
etag: W/"645d529f-19cf"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8303a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 wp-polyfill.min.js Show response
cofense.com/wp-includes/js/dist/vendor/ 17 KB
7 KB 68ms
60ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:40:39 GMT
server: cloudflare
age: 527
etag: W/"644051c7-459f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8403a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 hooks.min.js Show response
cofense.com/wp-includes/js/dist/ 5 KB
2 KB 51ms
43ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:40:39 GMT
server: cloudflare
age: 9331
etag: W/"644051c7-132e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8503a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 i18n.min.js Show response
cofense.com/wp-includes/js/dist/ 10 KB
4 KB 77ms
69ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:40:39 GMT
server: cloudflare
age: 527
etag: W/"644051c7-27f6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8603a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 frontend.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
7 KB 70ms
62ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.13.1
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9eba9cdd7058e2a7ad28937e19dc6820a079e11ed1728903ceb27a42ffcc9ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:41 GMT
server: cloudflare
age: 527
etag: W/"645e6885-5f3c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8703a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 waypoints.min.js Show response
cofense.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 63ms
55ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
age: 527
etag: W/"64405228-2fa6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8803a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 core.min.js Show response
cofense.com/wp-includes/js/jquery/ui/ 21 KB
7 KB 62ms
54ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 May 2023 20:39:58 GMT
server: cloudflare
age: 18463
etag: W/"645d529e-53be"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8903a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 frontend.min.js Show response
cofense.com/wp-content/plugins/elementor/assets/js/ 40 KB
13 KB 60ms
53ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.13.2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f25567e7b8a0698486afcba5bc45a909e308e0e161d906c63a570b46734751a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:44 GMT
server: cloudflare
age: 527
etag: W/"645e6888-9eb1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8b03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 elements-handlers.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/js/ 29 KB
7 KB 69ms
61ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.13.1
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2a57e72f6430ea09c331789ed0d8e2b9b36dc11965b8e29629a7b7e4cbbec01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:41 GMT
server: cloudflare
age: 527
etag: W/"645e6885-73c3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8c03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 animate-circle.js Show response
cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 810 B
491 B 61ms
54ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/animate-circle.js?ver=2.8.8
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8667a50fdab17dd946e43e37c6fd1623583b9440bdca887e44cc726e48feedaf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
age: 2244
etag: W/"64405228-32a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8d03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 elementor.js Show response
cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 18 KB
5 KB 65ms
58ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/elementor.js?ver=2.8.8
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51445b2ccc8f515394b4750bd52fbc74089c3e894ec552a64fbc85c71a766f49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
age: 527
etag: W/"64405228-4932"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8e03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.sticky.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/lib/sticky/ 4 KB
2 KB 68ms
61ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.13.1
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
age: 4327
etag: W/"64405228-e89"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909066ce8f03a6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 lazyload.min.js Show response
cofense.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/ 9 KB
3 KB 25ms
25ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:13 GMT
server: cloudflare
age: 3714
etag: W/"64405225-22bc"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c909069ad4e9974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 p.css
p.typekit.net/ 5 B
186 B 102ms
13ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=zlo5wor&ht=tk&f=26014&a=103167865&app=typekit&e=css
Requested by: Host: cofense.com
URL: https://cofense.com/wp-content/cache/min/1/zlo5wor.css?ver=1684356703
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 18 May 2023 02:10:30 GMT
last-modified: Sat, 16 Oct 2021 08:18:43 GMT
server: nginx
etag: "616a8ae3-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 312 KB
101 KB 47ms
27ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1fdf9d9bc69a6a57c389f34746d9f4a8f78b43afe081852cbc78e8ec72f10b5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 102750
x-xss-protection: 0
last-modified: Thu, 18 May 2023 00:14:06 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 18 May 2023 02:10:30 GMT

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13ba7d85cedf2d5b14f9091119f9067689bdc33edde1d37a654787d416fbca34

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a6066a6d31e78435df4062a26c6f87e325ec23de535b95c65cb90e0ea570038

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c775a362bb8cfcb1f31682b2a1a017a05ea83016e5848a6ab3ae6c1de152ce94

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3d7cc8b6dd2abcbafc61918a074f96bef0698f9382e157d26ac719fbf36f1188

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86e5f383c43482b102b2dca93faab32637c7ccdbd5455e7840bbca7d8f57e0ee

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4604ed4eb3e25b2aeb907e4ea907f2a44152ff2e7a867895b78018419ac26c0f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e517a35c5f569958a934efcb143bdbb42f9f3b8cdd11442aed95bf45716007f2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f93a6601c7d9a5a96205128c36fb3474e51689f791985f24447e7381cbab3e33

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01ab06a4f41a055192b9a7f49291e35e6b8fa4003ec4b461426e837aec3bd0d3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 NETWORKHEADERBG-1.png
cofense.com/wp-content/uploads/2022/06/ 61 KB
61 KB 192ms
192ms Image
image/png 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cofense.com/wp-content/uploads/2022/06/NETWORKHEADERBG-1.png
Requested by: Host: cofense.com
URL: https://cofense.com/wp-content/uploads/elementor/css/post-1386.css?ver=1684356700
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a878495e0cd07bbe654d5ca09dd53707b0349b326c229393df27696e92e255c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/wp-content/uploads/elementor/css/post-1386.css?ver=1684356700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
cf-cache-status: MISS
last-modified: Wed, 19 Apr 2023 20:40:46 GMT
server: cloudflare
etag: "644051ce-f3bf"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c90906a8e519974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 62399

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/ 37 KB
38 KB 29ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inter%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cofense.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sat, 13 May 2023 06:05:37 GMT
x-content-type-options: nosniff
age: 417893
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37924
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 06:05:37 GMT

GET
H3

200

/
cofense.com/
Redirect Chain

https://cofense.com/wp-content/uploads/2022/05/Inter-Medium.ttf
https://cofense.com/

149 KB
28 KB

181ms
181ms

Font
text/html

141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/
Requested by: Host: cofense.com
URL: https://cofense.com/wp-content/uploads/elementor/css/post-15.css?ver=1684356700
Protocol: H3
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / WP Engine
Resource Hash: 27e3a6edd675a54d8e2bdb8948cd14f49889b821856df2e552943ed2a30b86af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/wp-content/uploads/elementor/css/post-15.css?ver=1684356700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
x-cache-group: normal
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 15 May 2023 13:20:08 GMT
x-cacheable: YES:2419200.000
server: cloudflare
x-powered-by: WP Engine
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
x-cache: HIT: 385
content-type: text/html; charset=UTF-8
cache-control: max-age=2419200, must-revalidate
cf-ray: 7c90906ade899974-FRA
link: <https://cofense.com/wp-json/>; rel="https://api.w.org/", <https://cofense.com/wp-json/wp/v2/pages/4>; rel="alternate"; type="application/json", <https://cofense.com/>; rel=shortlink
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Thu, 18 May 2023 02:10:30 GMT
cf-cache-status: HIT
server: cloudflare
age: 3714
vary: Accept-Encoding
content-type: text/html
location: https://cofense.com/
cf-ray: 7c90906a8e579974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 fa-solid-900.woff2
cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 76 KB
77 KB 200ms
200ms Font
font/woff2 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
Requested by: Host: cofense.com
URL: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=1684356703
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Request headers

Referer: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=1684356703
Origin: https://cofense.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
cf-cache-status: MISS
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
etag: "64405228-13174"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c90906a8e599974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78196

GET
H3 200 fa-brands-400.woff2
cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 75 KB
75 KB 206ms
206ms Font
font/woff2 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
Requested by: Host: cofense.com
URL: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=1684356703
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Request headers

Referer: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=1684356703
Origin: https://cofense.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
cf-cache-status: MISS
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
etag: "64405228-12bdc"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c90906a8e5b9974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 76764

GET
H2 200 6si.min.js Show response
j.6sc.co/ 33 KB
11 KB 68ms
7ms Script
application/javascript 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

12ce92cc3c4eb9d74f48e9a10eb919bdf30bbdc5ccf9843c6543fec302dec54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 04 Apr 2023 21:13:35 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "642c92ff-8319"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 10492
expires: Thu, 18 May 2023 02:10:30 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 94ms
24ms Script
application/x-javascript 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=80558
accept-ranges: bytes
content-length: 4777

GET
H2 403 lt-v3.js
lltrck.com/scripts/ 0
0 315ms
98ms Script
text/html 52.73.0.225
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lltrck.com/scripts/lt-v3.js?llid=19612
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.73.0.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-73-0-225.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H2 200 2Uq3HoQoVZEHgHXXf288 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 182ms
157ms Script
text/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/2Uq3HoQoVZEHgHXXf288

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

80476f0a05718213d0e030326ae918679564695164f1768f19e982cb6f15b826

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7c90906b99aabb65-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
2 KB 29ms
7ms Script
application/x-javascript 104.102.38.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-38-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Thu, 18 May 2023 02:10:30 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H2 200 oktrk.js Show response
static.oktopost.com/ 9 KB
4 KB 88ms
6ms Script
application/javascript 143.204.98.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.oktopost.com/oktrk.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-30.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 17 May 2023 23:58:27 GMT
content-encoding: gzip
via: 1.1 e6d97713eb9b65f883e0f86b833878dc.cloudfront.net (CloudFront)
last-modified: Mon, 27 Jan 2020 09:47:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 8195
etag: W/"57315c24d6fec75c4d46a8cc3fa6e0d5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: tW2yrppCwnWGCfopGoMp2CE8AyCVGO2hQnaFEJyvAUJDOzzrzA57PQ==

GET
H2 200 28krvx2uf9n3.js Show response
js.driftt.com/include/1684376100000/ 220 KB
62 KB 279ms
222ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1684376100000/28krvx2uf9n3.js

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f02a485e9b6bf0fb3440dd6a7416f3693413a0b2727955f78f239c459cc789c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
x-amz-version-id: I6o.sKE_bgxcXARSPYssvurm96qI8KTV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Tue, 16 May 2023 17:01:07 GMT
server: istio-envoy
etag: W/"acadc8cb0364466910d866ff45907224"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: hu54XZ4D-x9odaq-FDgs8wFEIUpkiPhgyaLPqhXAT4LyDfn9laQ6nQ==

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 54ms
29ms Script
text/javascript 2606:4700::6812:d9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 35923
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 7c90906b98869156-FRA
expires: Thu, 18 May 2023 02:30:30 GMT

GET
H2 200 ed9ggbnvvo Show response
www.clarity.ms/tag/ 1 KB
2 KB 182ms
113ms Script
application/x-javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/ed9ggbnvvo?ref=gtm2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: a1c171797fc8ac078efd2ca622e07b0cc14491ae3694359e73e34e2e86e223fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
date: Thu, 18 May 2023 02:10:30 GMT
cache-control: no-cache, no-store
expires: -1
x-azure-ref: 20230518T021030Z-t2ux7wtkst6fv1ycy33cnd9r9w000000017000000000be18
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 265 KB
87 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

461774567dfde4b0d482aeb6a10845500143142b91c578b766a9fadbe073d9f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89120
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 18 May 2023 02:10:30 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 35ms
6ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 18 May 2023 01:05:00 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 3930
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Thu, 18 May 2023 03:05:00 GMT

GET
H2 200 9017396.js Show response
extend.vimeocdn.com/ga/ 17 KB
6 KB 44ms
6ms Script
text/javascript 146.75.118.109
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://extend.vimeocdn.com/ga/9017396.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.118.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-cache-hits: 54279
date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: gzip
via: 1.1 varnish
age: 18042434
x-cache: HIT
content-length: 5579
x-served-by: cache-fra-eddf8230065-FRA
last-modified: Thu, 20 Oct 2022 22:49:15 GMT
server: Apache
x-timer: S1684375830.379113,VS0,VE0
etag: "421e-5eb7f2274b0c0-gzip"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
x-vimeo-dc: ge
x-bapp-server: assets-769d499c7b-6rkpw
cache-control: max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Oct 2032 06:23:15 GMT

GET
H3 200 dialog.min.js Show response
cofense.com/wp-content/plugins/elementor/assets/lib/dialog/ 10 KB
4 KB 175ms
175ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
Requested by: Host: cofense.com
URL: https://cofense.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.13.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9ba3d0c5d5408e00becd36ad394fa9ad9c0616741ebdd6dddc8e837db3605ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
etag: W/"64405228-29fd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c90906baf009974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 nav-menu.3347cc64f9b3d71f7f0c.bundle.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
2 KB 26ms
26ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.3347cc64f9b3d71f7f0c.bundle.min.js
Requested by: Host: cofense.com
URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.13.1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2ac30455abb41bb5755983f23e4f7704b16b16de8212bc12df1ac1c811ec971

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:41 GMT
server: cloudflare
age: 3711
etag: W/"645e6885-1231"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c90906bbf049974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
cofense.com/wp-content/plugins/elementor/assets/js/ 1 KB
876 B 177ms
177ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
Requested by: Host: cofense.com
URL: https://cofense.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.13.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed08f388b2864b8c7a4ef48fe5dd0fa252576b39a1816384bf014b6bf3f49d41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 May 2023 16:25:45 GMT
server: cloudflare
etag: W/"645e6889-550"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c90906bef149974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 share-buttons.0bdd88c45462dfb2b073.bundle.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/js/ 1 KB
805 B 171ms
171ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/share-buttons.0bdd88c45462dfb2b073.bundle.min.js
Requested by: Host: cofense.com
URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.13.1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61151904cdaac8598432e87f9c5e95615c79c260306fbedcec80e8f12b524e6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 12 May 2023 16:25:41 GMT
server: cloudflare
etag: W/"645e6885-4bd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c90906c0f249974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 load-more.c9f6aac03af905f4e206.bundle.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
2 KB 22ms
22ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/load-more.c9f6aac03af905f4e206.bundle.min.js
Requested by: Host: cofense.com
URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.13.1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1832388238ca6cfbc25c5180b8be7b4e97d8fb24007fc419f28cae29eb38973

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:41 GMT
server: cloudflare
age: 3711
etag: W/"645e6885-15eb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c90906c0f269974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 posts.e33113a212454e383747.bundle.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/js/ 3 KB
1 KB 19ms
18ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/posts.e33113a212454e383747.bundle.min.js
Requested by: Host: cofense.com
URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.13.1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc908815ecb3b75f4422d1d2320906191ce7c63daaeb1b4cd79279fe0ce06bc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 16:25:41 GMT
server: cloudflare
age: 3711
etag: W/"645e6885-cfd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c90906c0f289974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 cofense.png
cofense.com/wp-content/uploads/2022/06/ 3 KB
4 KB 19ms
18ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cofense.com/wp-content/uploads/2022/06/cofense.png
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c45f781964e97c179059fb620032eddab4a86bf8af6cd3f7460b2fa839fedb10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
cf-cache-status: HIT
age: 7320
cf-polished: origFmt=png, origSize=4036
content-disposition: inline; filename="cofense.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3568
cf-bgj: imgq:100,h2pri
last-modified: Wed, 19 Apr 2023 20:40:47 GMT
server: cloudflare
etag: "644051cf-fc4"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c90906c1f2c9974-FRA

GET
H3 200 Figure-1.jpg
cofense.com/wp-content/uploads/2023/05/ 115 KB
115 KB 280ms
280ms Image
image/jpeg 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cofense.com/wp-content/uploads/2023/05/Figure-1.jpg
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2b161eb1b49e80c76e7dacf0e1d04e082aca311886ea99ec0177937e7c71768

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
cf-cache-status: MISS
last-modified: Wed, 17 May 2023 14:20:44 GMT
server: cloudflare
etag: "6464e2bc-1cb03"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c90906c1f2d9974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 117507

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 8ms
8ms Script
application/x-javascript 104.102.38.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-38-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Thu, 18 May 2023 02:10:30 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Sat, 26 Aug 2023 02:10:30 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
471 B 117ms
116ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17654763&r=1684375830502&ref=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 17654763
Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdsGMLq7ypeYcsaMFPHzaa8nngVwFNT-XdOUgLQY_tQSGNLZhaKLfZr9iyq2vX-RWwdZEYGACx7mTT6EBznbv6ZC018e9aD6
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Thu, 18 May 2023 03:10:30 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 132ms
108ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17654763&r=1684375830502&ref=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://cofense.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 18 May 2023 02:10:30 GMT
expires: Thu, 18 May 2023 02:10:30 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdsSZPhEXgckGHBMICjrDc6tPnUb-3ITK0BNMSmTzVUtlAAGmYNoMvvOWvZm6_UuT1Z2NiEdpW7nos04ALMdFChGHivr0rB3

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
813 B 71ms
13ms XHR
application/json 185.89.210.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.90 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 18 May 2023 02:10:30 GMT
AN-X-Request-Uuid: 67862cf1-da7c-4e0b-9c08-6826d9d3d259
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://cofense.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.64.151.69; 217.64.151.69; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
199 B 31ms
8ms XHR
text/html 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-170.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://cofense.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 36 B
334 B 84ms
14ms XHR
text/html 2a02:26f0:3400::215:4f28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3400::215:4f28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 52a661be3553acef0460eeba36501d715812dbce60cd805e283556405bafcd87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 May 2023 02:10:30 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://cofense.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:ac8:20:3d00:1012:a225:57d7:bdea
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467882_34950948_111565698_22_978_11_0";dur=1
content-length: 36
expires: Thu, 18 May 2023 02:10:30 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
199 B 29ms
9ms XHR
text/html 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-170.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://cofense.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 36 B
334 B 82ms
13ms XHR
text/html 2a02:26f0:3400::215:4f28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3400::215:4f28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 52a661be3553acef0460eeba36501d715812dbce60cd805e283556405bafcd87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 May 2023 02:10:30 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://cofense.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:ac8:20:3d00:1012:a225:57d7:bdea
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467882_34950948_111565699_19_968_11_0";dur=1
content-length: 36
expires: Thu, 18 May 2023 02:10:30 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
251 B 35ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3G76T4W3LR&gtm=45je35a0h1&_p=134779332&_gaz=1&cid=548345462.1684375831&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1684375830&sct=1&seg=0&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&dt=Threat%20Actors%20Impersonate%20Email%20Security%20Providers%20%7C%20Cofense&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 May 2023 02:10:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cofense.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
242 B 61ms
20ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3G76T4W3LR&cid=548345462.1684375831&gtm=45je35a0h1&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 May 2023 02:10:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cofense.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 39ms
17ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3G76T4W3LR&cid=548345462.1684375831&gtm=45je35a0h1&aip=1&z=1209565377

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 May 2023 02:10:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping Show response
okt.to/ 0
100 B 737ms
110ms Script
text/javascript 52.20.195.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://okt.to/ping?uri=%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&aid=001shx33p56dsdg&ts=1684375830555

Requested by

Host: static.oktopost.com
URL: https://static.oktopost.com/oktrk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.20.195.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-20-195-32.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:31 GMT
strict-transport-security: max-age=31536000;
content-type: text/javascript;charset=UTF-8

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/300721/domain/cofense.com/ 36 B
375 B 26ms
8ms XHR
application/json 2600:9000:20eb:b400:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/300721/domain/cofense.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:b400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:01:03 GMT
content-encoding: gzip
via: 1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 567
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: l5Fx3gU9RmePoR4H4vANwIRvNwdqC48FUr094EgL5-W2PrHKeWg05Q==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1684375830560&url=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&t...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1684375830560&url=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&t...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D300721%26time%3D1684375830560%26url%3Dhttps%253A%252F%252Fcofense.com%252Fblog%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1684375830560&url=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&t...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1684375830560&url=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&...

0
480 B

203ms
177ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1684375830560&url=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQIPMsZZzHR9NgAAAYgsn4RrDnsyKznEMSyproJepkxM7taZYzB-P5oYx964B8rW7yJ7fX-xVEfa0GZbAsD-urOX7x4VIQ
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:31 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A83D1EB525994F258B93689FC8F222B6 Ref B: FRAEDGE1806 Ref C: 2023-05-18T02:10:31Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-lor1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX77k8gRAXlVYpqss2/DQ==

Redirect headers

date: Thu, 18 May 2023 02:10:31 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 61A7D9412D1344498312D70B2378DA6A Ref B: FRAEDGE1707 Ref C: 2023-05-18T02:10:31Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1684375830560&url=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQIPMsZZzHR9NgAAAYgsn4RrDnsyKznEMSyproJepkxM7taZYzB-P5oYx964B8rW7yJ7fX-xVEfa0GZbAsD-urOX7x4VIQ
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX77k8dLyw0WDMTDdLMmQ==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 35ms
21ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-114787942-1&cid=548345462.1684375831&jid=1035632805&gjid=1081400757&_gid=757011283.1684375831&_u=YCDAgUABAAAAAEAAI~&z=2052441614

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 18 May 2023 02:10:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cofense.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 7ms
7ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j100&aip=1&a=134779332&t=pageview&_s=1&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&ul=en-us&de=UTF-8&dt=Threat%20Actors%20Impersonate%20Email%20Security%20Providers%20%7C%20Cofense&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgUABAAAAAAAAI~&jid=1035632805&gjid=1081400757&cid=548345462.1684375831&tid=UA-114787942-1&_gid=757011283.1684375831&gtm=45He35a0n815RQ37KH&z=265098068

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 May 2023 07:07:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68585
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Figure-2.png
cofense.com/wp-content/uploads/2023/05/ 10 KB
10 KB 180ms
179ms Image
image/png 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cofense.com/wp-content/uploads/2023/05/Figure-2.png
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d6f23c3da43351a928c1cbdf13e636cf89eea279953f2a047d075e907a92143

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
cf-cache-status: MISS
last-modified: Wed, 17 May 2023 14:20:55 GMT
server: cloudflare
etag: "6464e2c7-26eb"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c90906d1fbe9974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9963

POST
H/1.1 200
OK visitWebPage
404-jhu-612.mktoresp.com/webevents/ 2 B
318 B 791ms
104ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://404-jhu-612.mktoresp.com/webevents/visitWebPage?_mchNc=1684375830588&_mchCn=&_mchId=404-JHU-612&_mchTk=_mch-cofense.com-1684375830588-97094&_mchHo=cofense.com&_mchPo=&_mchRu=%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Thu, 18 May 2023 02:10:31 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: ef61bb82-ed27-4dc6-873e-19e34d632c5f

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 211ms
195ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=0514e93a-3ecc-4adc-8a8a-77c412199c6b&session=0f544c50-f281-4871-807d-3321fbac49f6&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2018%20May%202023%2002%3A10%3A30%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2018%20May%202023%2002%3A10%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b253130e4accad98012a3abe3f4b4c7a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2018%20May%202023%2002%3A10%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2018%20May%202023%2002%3A10%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22a9e769d7d96a596f969b9dc5023033e21a69bf40%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2018%20May%202023%2002%3A10%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2018%20May%202023%2002%3A10%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2018%20May%202023%2002%3A10%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b253130e4accad98012a3abe3f4b4c7a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2018%20May%202023%2002%3A10%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2018%20May%202023%2002%3A10%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2018%20May%202023%2002%3A10%3A30%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Find%20out%20how%20threat%20actors%20use%20malicious%20HTML%20attachments%20to%20impersonate%20email%20security%20providers%20%26%20steal%20user%20credentials.%20Learn%20more%20about%20this%20alarming%20trend%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Actors%20Impersonate%20Email%20Security%20Providers%20%7C%20Cofense%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&pageViewId=464860e1-d295-454d-8fae-b072c4099fd4&an_uid=0

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.8/ 57 KB
24 KB 47ms
47ms Script
application/javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.8/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/ed9ggbnvvo?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 9987dcc652130026523219440b654a3e307d16f186019031ad60a28d6f73aa2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
last-modified: Thu, 11 May 2023 16:13:04 GMT
etag: W/"0x8DB523A9A0D7A32"
vary: Accept-Encoding
x-azure-ref: 20230518T021030Z-t2ux7wtkst6fv1ycy33cnd9r9w000000017000000000be2k
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 15e7c5a9-a01e-005f-3168-869ae7000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 206ms
205ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=0514e93a-3ecc-4adc-8a8a-77c412199c6b&session=0f544c50-f281-4871-807d-3321fbac49f6&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A20%3A3d00%3A1012%3Aa225%3A57d7%3Abdea%22%7D&isIframe=false&m=%7B%22description%22%3A%22Find%20out%20how%20threat%20actors%20use%20malicious%20HTML%20attachments%20to%20impersonate%20email%20security%20providers%20%26%20steal%20user%20credentials.%20Learn%20more%20about%20this%20alarming%20trend%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Threat%20Actors%20Impersonate%20Email%20Security%20Providers%20%7C%20Cofense%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&pageViewId=464860e1-d295-454d-8fae-b072c4099fd4&an_uid=0

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 share-link.min.js Show response
cofense.com/wp-content/plugins/elementor/assets/lib/share-link/ 3 KB
1 KB 23ms
22ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.13.2
Requested by: Host: cofense.com
URL: https://cofense.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.13.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 138154c0deed3326477b9b4909175101070a5a3a95342291b53d8cc9879a5f47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
age: 3708
etag: W/"64405228-a3c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7c90906d5fe99974-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 40ms
17ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-114787942-1&cid=548345462.1684375831&jid=1035632805&_u=YCDAgUABAAAAAEAAI~&z=624774206

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 May 2023 02:10:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 21ms
19ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-114787942-1&cid=548345462.1684375831&jid=1035632805&_u=YCDAgUABAAAAAEAAI~&z=624774206

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 May 2023 02:10:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 726 B
571 B 26ms
10ms XHR
application/json 3.124.207.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.207.209 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-207-209.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9caa51975dc97351ceb4e544fab746be9aee637db3095652a84b8dc68241e6ec

Request headers

Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
Authorization: Token a9e769d7d96a596f969b9dc5023033e21a69bf40
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:30 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://cofense.com
access-control-allow-credentials: true
content-length: 389

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 38ms
8ms Preflight 3.124.207.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.207.209 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-207-209.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://cofense.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://cofense.com
access-control-max-age: 1800
date: Thu, 18 May 2023 02:10:30 GMT
server: nginx

GET
BLOB 200
OK f9a714c5-7048-4e90-8da5-7a16cce3fbe7
https://cofense.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://cofense.com/f9a714c5-7048-4e90-8da5-7a16cce3fbe7
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 core Show response
js.driftt.com/ Frame 2D51 2 KB
1 KB 128ms
128ms Document
text/html 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1684376100000/28krvx2uf9n3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

83f60653bab6c200949723e51919debe0654cc245a67ef4931e7fe9cd9ed7573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://cofense.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 18 May 2023 02:10:31 GMT
etag: W/"460804a9bdb6a270a8b17c3d6982d09c"
last-modified: Tue, 16 May 2023 17:00:51 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-id: GgBB97L-iBbAiZs2iMmuyPcpSJ6MGb_GuvGfhbp3EO-LZ8vAMkRoFg==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: HhqMPNYVkjb9FUUDwuXpQCLNULwD_N0.
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 14

GET
H2 200 chat Show response
js.driftt.com/core/ Frame BB61 2 KB
1 KB 118ms
118ms Document
text/html 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1684376100000/28krvx2uf9n3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

83f60653bab6c200949723e51919debe0654cc245a67ef4931e7fe9cd9ed7573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://cofense.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 18 May 2023 02:10:31 GMT
etag: W/"460804a9bdb6a270a8b17c3d6982d09c"
last-modified: Tue, 16 May 2023 17:00:51 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-id: wJoRcfBosELPy4UInAmWZpGdJMDbWejhWlC8OsaW-N3-RTFUsroIdQ==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: HhqMPNYVkjb9FUUDwuXpQCLNULwD_N0.
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 21

POST
H/1.1 204
No Content collect Show response
y.clarity.ms/ 0
291 B 437ms
234ms XHR
text/plain 104.211.35.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://y.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.211.35.148 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cofense.com
Date: Thu, 18 May 2023 02:10:31 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H/1.1 200
OK messenger Show response
app.qualified.com/w/1/H3wWDXLUxD4irieG/ Frame 8333 6 KB
3 KB 380ms
122ms Document
text/html 52.70.128.149
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=f11f21a6-de16-4d5c-90f8-0f3f66e5b8d5

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.70.128.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-70-128-149.compute-1.amazonaws.com

Software

nginx /

Resource Hash

62062fcb3c6616ca89680937f8d8f3bc6560e8090f33121891b7cd93bb1daac3

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cofense.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Content-Length: 1686
Content-Security-Policy
Content-Type: text/html; charset=utf-8
Date: Thu, 18 May 2023 02:10:31 GMT
Etag: W/"62062fcb3c6616ca89680937f8d8f3bc"
Link: <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-84a66aeb.chunk.css>; rel=preload; as=style; nopush
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 spaces-router (e46a9e002bdb)
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 91fef0d1-fba9-9811-7441-359bfd8ff85b
X-Runtime: 0.018636
X-Xss-Protection: 1; mode=block

GET
H2 200 runtime~main.ab54bfc8.js Show response
js.driftt.com/core/assets/js/ Frame BB61 6 KB
3 KB 7ms
6ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

44f85e2f0d0e5c80e0f8423d26cf06f16dd5c1d1979e99338fef230276f26b7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:00:50 GMT
x-amz-version-id: Gs1OcaZBZkTyTnNaGBA1dnP1qbjFcqTl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 119381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Tue, 16 May 2023 16:27:54 GMT
server: istio-envoy
etag: W/"dab9520cee082d589e7870b51998498a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mYq4hx_E7ZA3B8gasxgkoSQcpgo3bVe-unOTDV-5JaUDEWGa_8U24w==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 35 KB
13 KB 7ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: hzm2Healt7ZjvNDM3nYQ47BRwWjFuLrw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 9535535
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Rg6TJO0h0coDvt2d9znwJ_GyEF-fJxXZIGOcaQx1U5GyvbN6NoyetA==

GET
H2 200 main~493df0b3.8b2c72a3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 7 KB
3 KB 8ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.8b2c72a3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

51b22cb9ab468340f75df2f2e64986bc0281f98e3a01929c1fd42e4715572b17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: PEKJf28yFXtQsHpFTSgRcYwUyvcrWHpZ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Thu, 11 May 2023 20:21:38 GMT
server: istio-envoy
etag: W/"fbe50ae663ea71c43233c4d8a81585e0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YBSrx_WsflS7YAVydD6rpooBK9HaPN0FuW8fq7Rbr4KFF-B9KrXb_Q==

GET
H2 200 runtime~main.ab54bfc8.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 6 KB
3 KB 6ms
4ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

44f85e2f0d0e5c80e0f8423d26cf06f16dd5c1d1979e99338fef230276f26b7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:00:50 GMT
x-amz-version-id: Gs1OcaZBZkTyTnNaGBA1dnP1qbjFcqTl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 119381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Tue, 16 May 2023 16:27:54 GMT
server: istio-envoy
etag: W/"dab9520cee082d589e7870b51998498a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tWOJU-8cVj9d0v9tuDly6A1Q5Y-axfCXPOAMbuki2F_e1wUYNb4Uxg==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 35 KB
13 KB 8ms
6ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: hzm2Healt7ZjvNDM3nYQ47BRwWjFuLrw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 9535535
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: OEiRJPfK6zWlnZz6Hjv8C_T8y4P4c7h1ic7ZhKdNNBj5ww4hLM5nbQ==

GET
H2 200 main~493df0b3.8b2c72a3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 7 KB
3 KB 9ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.8b2c72a3.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

51b22cb9ab468340f75df2f2e64986bc0281f98e3a01929c1fd42e4715572b17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: PEKJf28yFXtQsHpFTSgRcYwUyvcrWHpZ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Thu, 11 May 2023 20:21:38 GMT
server: istio-envoy
etag: W/"fbe50ae663ea71c43233c4d8a81585e0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FQyUPofV4Hk1AKBk8tY99AMqOxRBdoIXEBSe66cb13G09l_DcTHf2g==

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 23 KB
8 KB 6ms
6ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: E9kltLe7negE4reDnM86vmSO8flAP8Mx
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 11 May 2023 20:21:37 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5dQnAHfvqie8xMs9NHK7vBP6f6BpAVwvNUdfShDtdzIF2LjSkyVvjw==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 36 KB
10 KB 7ms
6ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: A8YnNnv0zvQLQLfIS87dPAZbci1RhGvy
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VlUgXsY70UKABqNU20dnbu_ZVXno6FCakbxgE5vdgEQ_ui2glN-aVg==

GET
H2 200 24.6f929cdc.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 32 KB
11 KB 8ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.6f929cdc.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f1e39af91d28d968e99e2b2d684b8a3cff1132aa980e11911b9951bf66aee4ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: fQLwqKmJZHArbdOov5qZMXdG2CESWzan
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"cde6235e62d8e8a559e1510d9a2b5821"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: db1LTyJbvzYjqovlciOxcYU2zonoM429GzyFsAgPj-mmkgj7_FVzPA==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 17 KB
6 KB 8ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: 9PfxVnD.fRTQs.fTz8K5lFoBCy3X8z2_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NkzZp-DDc5PurnNZtPUd1rNqBzxY--gbO_R7P-kuq_T2sQ1IUOb9Xw==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 25 KB
8 KB 9ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 11 May 2023 22:03:09 GMT
x-amz-version-id: q7Xb4J36R1GKt.Ug3gWeAZysjQcLRWzw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 533242
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 47
last-modified: Thu, 11 May 2023 20:21:37 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: V82gr2coaVkSpbWXWmLnY6MwhyIAxoo7S3ttBhgihnDfsehipsGp5w==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 74 KB
23 KB 9ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 11:53:35 GMT
x-amz-version-id: DvU1VknvadEMM0li2kjSs2rGEgsC.2zC
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 27267416
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
server: nginx
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: n6zVKLwqijwkW81Cvg_P-ZV0T_mqprdBkAVt_iorJTucrutER5F5mg==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 66 KB
20 KB 10ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: 97ST2S5xHTQ0Pf.V8eTLi6azYlYYnqG7
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 44
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7NB3UKEvs87dOchfDHgKsha85Xu1YpsGqC46cqlkXa3WCTqpbD3v8A==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 91 KB
28 KB 13ms
13ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: 8J_1AN4L8lY0Ida5MThLOMba8PExoHOk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 43
last-modified: Thu, 11 May 2023 20:21:35 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ko6CXWxIKd5yUaNT9B8vNZ8hcciuypIV_vzWSR9IR0cLLwuY6AsMmQ==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 23 KB
7 KB 16ms
16ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 01:32:02 GMT
x-amz-version-id: 41Rj_7QKP59w2WnODlMWAa6QFTo_5uBY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 20911109
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 16 Sep 2022 16:12:57 GMT
server: nginx
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yqk2QFDTi2X4iR0LB9PF3J6QYLAHiN51TJZuRwXTI8b1xCn5cd6Dug==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 62 KB
20 KB 17ms
17ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: sQdksC6dT90RaCfa7wT.pTeBi0ASE0ht
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BpbS7WgGNvgZY19ufYlT8PnP6_yw3cp84-tYcdBYqRHUH7EchGj5hQ==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 105 KB
34 KB 18ms
18ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: rTKdJ4hd1xCIsZvhhjkDteU3Ylu7OGXA
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Thu, 11 May 2023 20:21:37 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ylrk91Shfbtzf3Fst2AYe53wjI3HEd2c-oWGScW9ELHDSJbjPmBUmQ==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 12 KB
4 KB 20ms
20ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: fL1eyhJAjeOMoBgQxCtiwy6lvY0w86hR
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 11 May 2023 20:21:37 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ex_kYLuLX1ommIjlkFRgXM2R1RUmH6b5GYEyKtFh2RH2MNxSUxNDqA==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 13 KB
6 KB 21ms
20ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: ktjFJTHiHgiUDp5.chrerIF.d24_2JS7
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4gwXOyGonW2tsKm1R3dE4XZfmWID2zYIPUduQ6bUbsQ25gm-bZn5nQ==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 17 KB
7 KB 21ms
21ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 08:03:19 GMT
x-amz-version-id: z8bmIwYFmpSlRsBZppbuF.O9_1BnvlVI
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 14666832
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Mon, 28 Nov 2022 20:48:10 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Zrgwrl7kdWHh9vMDBfQOVkQ7hteVIhhSi244HDuwMcc8kZ_1Y9TJsg==

GET
H2 200 8.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame BB61 31 KB
4 KB 21ms
21ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: VVmRYVfWzfnQFnbpiv16i6emJpGcKYd1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: hrQM0n_HleAkrAEFPk7ibs2aoFGIXcGTQxII0ca0txmiNm1YZeeEdg==

GET
H2 200 8.1a671069.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 80 KB
25 KB 23ms
22ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.1a671069.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d7ef6955aa3b222a31d53ffe3539830d54c42b7c5febbb07af66916c2990fa03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: JHa0IBzx94tDV86opaSbaDc3jfrm75gZ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Thu, 11 May 2023 20:21:37 GMT
server: istio-envoy
etag: W/"1142e98e1058b85af4aab699764ca06c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _mAsjpUgrC5R7qoCfNggLSWlccVZ_PHgzFn8WKdvAmEo6AdOhUiIFA==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame BB61 24 B
697 B 23ms
22ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: C6GeoJGSzHnxQmfIIaJPtsDdeomKLjJo
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
content-length: 24
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jWWR0ie3YCo9xVLNMN4HUZSPT351YhJcuq-p4RdWYjV8n5R_vLJktA==

GET
H2 200 16.edda9a9a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 91 KB
23 KB 24ms
23ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.edda9a9a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

79d13301496a9ab684dd4a4ce0d647b8ba2da98e2f6a369ab7858ec46fbf3c9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id: k0dhUf7rYYMdaxr58e_z4IoysXIEsSnm
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"811ba8544eb8b9f726d69ed50bba3299"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: MqyXbArQ8eXzn3TpZS78hib-zOxLCN80HiBHBAGg6yLEMRDHLTh_4A==

GET
H2 200 25.c7618a3d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 50 KB
14 KB 25ms
24ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.c7618a3d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c3e55b0fbe6b73de12d128f91dd2b71a7ecf0a0c912a6d3464c76f2ccdbf5586

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:00:50 GMT
x-amz-version-id: 01jKGSZMYgwjW11ZsoXgOls1WtEUI5g5
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 119381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Tue, 16 May 2023 16:27:52 GMT
server: istio-envoy
etag: W/"1aec851b1ae4037e645370bae1ad7e0f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7yVoZK-mxlDVy4DR8uhZWjonlcgpWJk7kEFrt5IH301rbM_lbstmDQ==

GET
H2 200 17.c0c63f9f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 40 KB
13 KB 25ms
24ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.c0c63f9f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

aef9a78e8807b45938115601cbfbbfd7444f2c2fa128bd0c464423b120238aaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:00:50 GMT
x-amz-version-id: H8akFF_iPuarCoCYASksKNZgACWxCTkz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 119381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 16 May 2023 16:27:51 GMT
server: istio-envoy
etag: W/"4c724f888846fd41eab91fe330f91ca7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Yl1WTg3vgJeERNE2CtEoL5jYQDVCQZohqP4XXbOWwOWRqifYp-WNlQ==

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 23 KB
8 KB 22ms
6ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: E9kltLe7negE4reDnM86vmSO8flAP8Mx
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 11 May 2023 20:21:37 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jz93hTVjq16KyQOagd6gfbkZ1tI3OrEDHsWp0ebgpHHl4h1JOBiNtA==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 36 KB
10 KB 22ms
6ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: A8YnNnv0zvQLQLfIS87dPAZbci1RhGvy
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6H-pvbypkyN_6K1EznXMTd_Yiz5nk7z79zNao5jfbuPE5oFpLSL20w==

GET
H2 200 24.6f929cdc.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 32 KB
11 KB 23ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.6f929cdc.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f1e39af91d28d968e99e2b2d684b8a3cff1132aa980e11911b9951bf66aee4ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: fQLwqKmJZHArbdOov5qZMXdG2CESWzan
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"cde6235e62d8e8a559e1510d9a2b5821"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vMr8J0UBXbp7zeWhqGnz_6KV0i1_C-WitE5gCA5zNwU4kTJGGSxQEg==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 17 KB
6 KB 24ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: 9PfxVnD.fRTQs.fTz8K5lFoBCy3X8z2_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SYmvf_iqgmYuq6T2sKtvCu1fVXVjqoT0i_uHmtmaPBUuBLW_aSr_Mw==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 25 KB
8 KB 24ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 11 May 2023 22:03:09 GMT
x-amz-version-id: q7Xb4J36R1GKt.Ug3gWeAZysjQcLRWzw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 533242
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 47
last-modified: Thu, 11 May 2023 20:21:37 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _dns-ggmmLxkxbc-N-w7WMn27LzS0XM8C62X3jHB1MvW1nD7yWE27w==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 74 KB
23 KB 25ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 11:53:35 GMT
x-amz-version-id: DvU1VknvadEMM0li2kjSs2rGEgsC.2zC
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 27267416
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
server: nginx
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GYlSB8KDoBBI-AWvIp3K_ztP5jwVtcO_gAQx1-9KsvV-phLS25vJZw==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 66 KB
20 KB 25ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: 97ST2S5xHTQ0Pf.V8eTLi6azYlYYnqG7
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 44
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: r9qhWIkjL7PmouV_2-hQAxxWwLR61aAd8Ae47kYJqumj45Fej__vDg==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 91 KB
28 KB 26ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: 8J_1AN4L8lY0Ida5MThLOMba8PExoHOk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 43
last-modified: Thu, 11 May 2023 20:21:35 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TVtZ12KBch45HWonUoaZ59vjk9Fj_wg5rFMziukXqjc4gwGSOPiS8g==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 23 KB
7 KB 26ms
11ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 01:32:02 GMT
x-amz-version-id: 41Rj_7QKP59w2WnODlMWAa6QFTo_5uBY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 20911109
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 16 Sep 2022 16:12:57 GMT
server: nginx
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mEFyE_zTY6-be0Z-B3gyLoKMdYuGSkBo7RkTHvlj8QX1mZnxac4Aaw==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 62 KB
20 KB 27ms
12ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: sQdksC6dT90RaCfa7wT.pTeBi0ASE0ht
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DbkxeeZsJFCJpq3uVWJ7nQ0rVPLMst9D9inxC8FPFhD2RnHkffaSiQ==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 105 KB
34 KB 27ms
12ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: rTKdJ4hd1xCIsZvhhjkDteU3Ylu7OGXA
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Thu, 11 May 2023 20:21:37 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: hco30jxCgTzJCLR1kEIUdQt2DRPIazGw3EnH_A-4JWMEtyuq63U1xg==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 12 KB
4 KB 28ms
13ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: fL1eyhJAjeOMoBgQxCtiwy6lvY0w86hR
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 11 May 2023 20:21:37 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kt_U7s6E5N5ZdNV87oTGRUvdxqojE1kpjRrIyEddN2nNSf-Ixq6OfQ==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 13 KB
6 KB 29ms
14ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: ktjFJTHiHgiUDp5.chrerIF.d24_2JS7
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kLBmGKwSft9BhOrTpuWEBAlXfkGrrxxHCcZeSvTP_gRb_xrRGfqUcg==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 17 KB
7 KB 29ms
15ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 29 Nov 2022 08:03:19 GMT
x-amz-version-id: z8bmIwYFmpSlRsBZppbuF.O9_1BnvlVI
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 14666832
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Mon, 28 Nov 2022 20:48:10 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3mhn6GYe8JR06nIpv1WdKtrWvlAeP9sRJyqGgnug7iHqaikK0Jjlaw==

GET
H2 200 8.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame 2D51 31 KB
4 KB 18ms
4ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: VVmRYVfWzfnQFnbpiv16i6emJpGcKYd1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1mueJ8IHiMNDCo2fRDe-uGCo-cAG8_ahyeIjF8h7MzoelQhZRprxKw==

GET
H2 200 8.1a671069.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 80 KB
25 KB 29ms
15ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.1a671069.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d7ef6955aa3b222a31d53ffe3539830d54c42b7c5febbb07af66916c2990fa03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: JHa0IBzx94tDV86opaSbaDc3jfrm75gZ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Thu, 11 May 2023 20:21:37 GMT
server: istio-envoy
etag: W/"1142e98e1058b85af4aab699764ca06c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ULblC_6HimpMfNrr36c19awIhmo97Ifwipo7QKzmKvGVO79lsVxiOg==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 2D51 24 B
696 B 19ms
5ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: C6GeoJGSzHnxQmfIIaJPtsDdeomKLjJo
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
content-length: 24
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RCiK_NIcDSiKNePEUzF9qKN-tBoAqpBksJTeEg8B_qhrBbvICa8sZg==

GET
H2 200 16.edda9a9a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 91 KB
23 KB 30ms
16ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.edda9a9a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

79d13301496a9ab684dd4a4ce0d647b8ba2da98e2f6a369ab7858ec46fbf3c9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id: k0dhUf7rYYMdaxr58e_z4IoysXIEsSnm
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"811ba8544eb8b9f726d69ed50bba3299"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TfazyXoMGSuOnhvuuz0gx_GTvQDtlUh120VLVkSnq56pNfQCND_qqw==

GET
H2 200 25.c7618a3d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 50 KB
14 KB 31ms
17ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.c7618a3d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c3e55b0fbe6b73de12d128f91dd2b71a7ecf0a0c912a6d3464c76f2ccdbf5586

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:00:50 GMT
x-amz-version-id: 01jKGSZMYgwjW11ZsoXgOls1WtEUI5g5
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 119381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Tue, 16 May 2023 16:27:52 GMT
server: istio-envoy
etag: W/"1aec851b1ae4037e645370bae1ad7e0f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HGhRp1vGLm8pOk87RZfd-Zjr8a8UA0Kfx34gQ84ndH50gLQW-Q0Eyg==

GET
H2 200 17.c0c63f9f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 40 KB
13 KB 31ms
18ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.c0c63f9f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

aef9a78e8807b45938115601cbfbbfd7444f2c2fa128bd0c464423b120238aaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:00:50 GMT
x-amz-version-id: H8akFF_iPuarCoCYASksKNZgACWxCTkz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 119381
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 16 May 2023 16:27:51 GMT
server: istio-envoy
etag: W/"4c724f888846fd41eab91fe330f91ca7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ApUCW6J5pGLpWQJDwqwO6hQhqwMNTYC_T4F2lIyXFkTkITIUkFh0Ow==

GET
H2 200 37.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame BB61 3 KB
1 KB 7ms
6ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/37.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id: G5rA3YuA.xdLgBVBAaM97qFBrhcbsReD
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 23
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: O51Bj_tYPoGk55J6he0KsuK_GLWkctxo0krXWEodeJUgYai36hwbFw==

GET
H2 200 37.298cbb69.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 3 KB
2 KB 7ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.298cbb69.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c640d911a58cc3ef31b1a3c2090fa753c948902033b9917ab5daef4fbb33b5d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id: YOxQezNRtY7ITBDySuoqINrKXBrEQzL4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"86b289eeb2bf9d30034f30d9794e8041"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ggKcdsjCzTWFd0QrLPivRrFEXvXvPe43EBG_Bp3P1DAuv8YYhnQCbQ==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
492 B 196ms
196ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:31 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 9 KB
3 KB 6ms
6ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sat, 25 Mar 2023 07:22:55 GMT
x-amz-version-id: FbY0009UR6SM8SEWGeJjbUjChZiwlwq2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4646856
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 63
last-modified: Fri, 24 Mar 2023 15:27:29 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5meu7vZXPHdw98lXOfpEHSNm4WEqXQfHn0JzYKMU0Jk0LqOajeY3jg==

GET
H2 200 27.01c2bea5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 35 KB
10 KB 8ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.01c2bea5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id: EDFxPbC2SIjngwRCXMB6ypTc_CmOfkX5
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"04a233a42dcf8c50a83bfecea8ba552d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3u-NpgTTNWaUSPj2dwB0O2YFgD7G7xTiopjUtz68sY0Zi2o290GpHQ==

GET
H2 200 28.9bf46b67.chunk.css
js.driftt.com/core/assets/css/ Frame 2D51 8 KB
2 KB 7ms
6ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/28.9bf46b67.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id: Ldzhp6UG4sNenaZenxeK_0DV8yNjPJwN
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 28
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: W/"4f21faf2ba450e5fcdf7eda90813e185"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SmwrPB_-MIw8JVb0dwLV0rz9qVDZ1uCDhwcQh8OKeCtA3ktpbKFf0A==

GET
H2 200 28.b06e405e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 14 KB
6 KB 9ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.b06e405e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

22401c003c78aad72366e7e2b3592d82cbc8a474ec7f5b15639613a77641b23a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 11 May 2023 22:03:10 GMT
x-amz-version-id: b3zMelvbuV9qXKrmIrH4KdyR7bAi_3Vs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 533241
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 44
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"8f4ed18a2ffae20429fa69b370366a12"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yxSebfbkhUtHCvLqmbjrFMJAYxi8xQ_6qYeg1sGj6zxMco2xKwGZCg==

GET
H2 200 22.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 2D51 365 B
1 KB 10ms
10ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/22.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id: zNWcsE.uoNstLbMM0Pr_Cj3l_NH4JluZ
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 28
content-length: 365
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: uxWOOtV_SePqIKY3KMiqXc-DTrJ9j523--TsSGBZl0otHsaxsEwAgQ==

GET
H2 200 22.1fc836ee.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 91 KB
25 KB 11ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.1fc836ee.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c150f647bb99e5bb3b09fb9886e7abf01acdcceb46053dc6bddbcc1dbac9727

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 15:34:18 GMT
x-amz-version-id: r5pK8HlxbxlfWBy8lwuQGQ8nQbARr5Un
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 470173
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 12 May 2023 15:27:54 GMT
server: istio-envoy
etag: W/"1cf776e90d0dc780e75cc865afad25c7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: i1CUgVAK_v0kGH6cI3kVaJW1ZVOb_RX90gbU4SWRobqTElksN2dsJA==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 9 KB
3 KB 10ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sat, 25 Mar 2023 07:22:55 GMT
x-amz-version-id: FbY0009UR6SM8SEWGeJjbUjChZiwlwq2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4646856
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 63
last-modified: Fri, 24 Mar 2023 15:27:29 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8Pb7_vLYPQsDWnoyQZYPjz--wXApiM7nTxvg3tcIRDPplk5jUXQCXA==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame BB61 7 KB
2 KB 10ms
10ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 07 Apr 2023 08:09:51 GMT
x-amz-version-id: a6aW3pFI8jDJfd5Fzc5RXPW1PSDB8w30
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3520840
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 56
last-modified: Wed, 05 Apr 2023 19:06:46 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: msskiZ2-uJ21kyyatd7HrMpcLZGAtggSH8HUGWSxC2g04rzDgsYoaQ==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 54 KB
15 KB 11ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sun, 02 Apr 2023 13:04:52 GMT
x-amz-version-id: TZgR.kF9jQEw5fwgp1aPwIBAWqAwmYWG
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3935139
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Fri, 31 Mar 2023 03:20:38 GMT
server: istio-envoy
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: onifbWIWTFkRsBUba7IDgKVSvXbLUZ_XDr4GPiUjIzEPl5BY7n7ucA==

GET
H2 200 1.02a6af84.chunk.css
js.driftt.com/core/assets/css/ Frame BB61 44 KB
7 KB 12ms
11ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.02a6af84.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

120def079fc4e239098c571e178a9a1b73746f05c6f65a97cd7291b8c13aa401

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 08:47:50 GMT
x-amz-version-id: 2mFqsYPgAFu7IBkViFaO6MCHTOONwEvX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4123361
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Fri, 31 Mar 2023 03:20:34 GMT
server: istio-envoy
etag: W/"295093fc512c5e44a90c3c28242de8ae"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gq0htwLOQ497PHXF-VeuX9dncRFrVot6HhoXzxX-N_3FHS9OfIGYEw==

GET
H2 200 1.60b53d7b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 53 KB
17 KB 13ms
13ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.60b53d7b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3f9975dcb021180e0dd69d696757cef5b76fb963697bbcfbaf87b0acaa213f76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id: v03JXVSwGdkZkuBk1hxXiG8rD6IQlF88
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478858
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Thu, 11 May 2023 20:21:35 GMT
server: istio-envoy
etag: W/"94d2dcaadbc49291b972764dcdd3f531"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 0aj765ghhEOyg0StXIJiMK8NGR_NKFs6SmaIveO4V2mv4-51RKY2kA==

GET
H2 200 4.b4477698.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 23 KB
10 KB 15ms
14ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.b4477698.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

277725f80d5c0175c2a996fe1eea07395b87ec1bd0496353409e99e96024816e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 20:29:53 GMT
x-amz-version-id: 0s5HvDu7I8ZUWeiRZtf_7BJNbUsVlUik
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3649238
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Wed, 05 Apr 2023 19:06:49 GMT
server: istio-envoy
etag: W/"ec2b0368f8359c0e46e2bfb9cf8e79ef"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zYzPLPWFv-ZOMTn9l7HrPbwGMCf8hcnvXsGijXrgrn1zNh2LfyHwCQ==

GET
H2 200 34.a3318c5e.chunk.css
js.driftt.com/core/assets/css/ Frame BB61 14 KB
3 KB 14ms
13ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/34.a3318c5e.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id: xxp3nzgzD4Kk8mOGrOfNqLRKvTTi.6QJ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 57
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: W/"b06e02b360914b25e58305b1b9b954dc"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: UfNJ3tULEdo-mEya2xRmkmlg0LU4L0HkzrFPZpElB9IHhwREYWjc0g==

GET
H2 200 34.a099776c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 12 KB
5 KB 15ms
15ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.a099776c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

17d79e1bc3fb327894fe4611b2551527a6face62f87403e7bc93fe974cad0c3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:32 GMT
x-amz-version-id: BuU8KyhN2S8xl_VUHjSrb0n0eiDbFcYH
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 23
last-modified: Thu, 11 May 2023 20:21:36 GMT
server: istio-envoy
etag: W/"a8086e66cb80597ddcb23c26e0440f15"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: P1V5O7PkyT_whn6prIN4MUTuDZw4KmSpZkHH-P_I7PsvfrgYn8-HgA==

POST
H2 200 v2 Show response
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame 2D51 161 B
601 B 364ms
108ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

814d45cce5caa5b45bc44934f24e210c64cb36ba1438a14d40ad7d23784e78e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 18 May 2023 02:10:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 610e297a919a8987
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 161

GET
H2 200 messenger-94e6eccc.chunk.css
assets.qualified.com/packs/css/vendors~widget/sandboxed/ Frame 8333 35 KB
7 KB 35ms
15ms Stylesheet
text/css 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:31 GMT
x-amz-version-id: daLXmdTd7lSSwyN3TtNTe8fuzDY4LP3Y
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 01 Feb 2023 01:20:28 GMT
server: cloudflare
x-amz-request-id: E501B33MWCQ7P46M
age: 6642
etag: W/"a788ecf510f83ee517cbaf79306145dd"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 7c9090747faa381b-FRA
x-amz-id-2: uGsUgexNCF/Jz+89nmMYNIMfcSSSNQrQ+lpld4pD/7xQlFIVTyM6X2G3A+8k7y8WmNRxtMbqOF0=
expires: Thu, 18 May 2023 06:10:31 GMT

GET
H2 200 messenger-84a66aeb.chunk.css
assets.qualified.com/packs/css/widget/sandboxed/ Frame 8333 5 KB
1 KB 35ms
16ms Stylesheet
text/css 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/css/widget/sandboxed/messenger-84a66aeb.chunk.css
Requested by: Host: cofense.com
URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:31 GMT
x-amz-version-id: h8ucmJiFt84zH1W0e6Ruobtgt6ETiM19
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: Y2BVRYP7FPAERKM7
age: 3517
x-amz-server-side-encryption: AES256
x-amz-id-2: G5Fz/ZqHCohFcbpRLtAmNf/T4WbOA2yuBeH/dNsf4gIFzBblm+9m6gwN9exnz5Fr5isDJ17qS+A=
last-modified: Thu, 27 Apr 2023 00:02:34 GMT
server: cloudflare
etag: W/"22d5f23e695250d3c5a5b1e76a015c5e"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 7c9090747fa9381b-FRA
expires: Thu, 18 May 2023 06:10:31 GMT

GET
H2 200 messenger~runtime-c6a521c732f6c3137f9f.js Show response
assets.qualified.com/packs/js/widget/sandboxed/ Frame 8333 2 KB
1 KB 28ms
16ms Script
application/javascript 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget/sandboxed/messenger~runtime-c6a521c732f6c3137f9f.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=f11f21a6-de16-4d5c-90f8-0f3f66e5b8d5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3bbb0066348fce96f69e00f87acf0c1990e445ef355554933be086eb68130ce4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:31 GMT
x-amz-version-id: 1puFxKO_xNnWWVxMz9uZrluoj5UIzPUU
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 7JGW8EZR5R48Q7WZ
age: 6233
x-amz-server-side-encryption: AES256
x-amz-id-2: OztxNn2kiADvvCfN7Ceo/sVCuRH7IKoKODp0O/kgr1E60tWQysQAUBFCULIhBF4iD69eAYO64JM=
last-modified: Thu, 18 May 2023 00:23:40 GMT
server: cloudflare
etag: W/"2c59ff168a82fb78a4f39f6c5788c778"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 7c9090747fad381b-FRA
expires: Thu, 18 May 2023 06:10:31 GMT

GET
H2 200 messenger-7893581232a37394b2e8.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/ Frame 8333 1 MB
342 KB 28ms
17ms Script
application/javascript 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-7893581232a37394b2e8.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=f11f21a6-de16-4d5c-90f8-0f3f66e5b8d5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b92bc329c275b04d571cf6e800eb9f8d7351439064538f6190f1456962e37e64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:31 GMT
x-amz-version-id: _yzlQwtZ6DooG53Ir66PdOCazyUInD1I
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: S3DE7CYMEM8VSGNY
age: 3046
x-amz-server-side-encryption: AES256
x-amz-id-2: +35g+CqHtt3CYFfSWuyqaoYukh0cam+yu7CnA4mM8Rl31aRk2IzK419GaXMc6kBijEXP4/QxrMk=
last-modified: Fri, 12 May 2023 22:50:09 GMT
server: cloudflare
etag: W/"0599077608bd4810d3f8bc5c5b0d0855"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 7c9090747fab381b-FRA
expires: Thu, 18 May 2023 06:10:31 GMT

GET
H2 200 messenger-5ed096f07c980d63deff.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame 8333 591 KB
156 KB 15ms
14ms Script
application/javascript 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-5ed096f07c980d63deff.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=f11f21a6-de16-4d5c-90f8-0f3f66e5b8d5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4e5a4c90a9521b8024c3cfc4ef7a93422e710021c5c3292df84d679b7bee6ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:31 GMT
x-amz-version-id: YlERv2WOivUB3xIPZsuqx1.cdUscQk4Z
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 7JGTTQ16G0KT5S8P
age: 6233
x-amz-server-side-encryption: AES256
x-amz-id-2: xA4JblFDCjzTOt+O795Vnrd2JH19HX6YqViDoMK4Fp1leg77JowL5z1HFY9fOXw+0035NV66Rtk=
last-modified: Thu, 18 May 2023 00:23:40 GMT
server: cloudflare
etag: W/"c708b2e1cfc3e72bdfcec0200298df74"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 7c9090749fbd381b-FRA
expires: Thu, 18 May 2023 06:10:31 GMT

GET
H2 200 Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 8333 97 KB
97 KB 45ms
12ms Font
font/woff2 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=f11f21a6-de16-4d5c-90f8-0f3f66e5b8d5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

Referer: https://app.qualified.com/
Origin: https://app.qualified.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:31 GMT
x-amz-version-id: Ts0p7fbKsZIFu_VEk6HOvm9iYpTRKuos
cf-cache-status: HIT
x-amz-request-id: CEP09K8Q9AWXQXXC
age: 13825698
content-length: 98868
x-amz-id-2: 0yIZpJ3E+wax33p9hbRlcPRqayUFdNGcw1eKO75tX6PWzxbspBIeeE8TIOV13jCL7LWCf+L0zlk=
last-modified: Thu, 08 Dec 2022 23:17:25 GMT
server: cloudflare
etag: "dc131113894217b5031000575d9de002"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=31557600
accept-ranges: bytes
cf-ray: 7c9090749bc9997b-FRA
expires: Fri, 17 May 2024 08:10:31 GMT

GET
H2 200 Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 8333 103 KB
104 KB 58ms
26ms Font
font/woff2 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=f11f21a6-de16-4d5c-90f8-0f3f66e5b8d5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5

Request headers

Referer: https://app.qualified.com/
Origin: https://app.qualified.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:31 GMT
x-amz-version-id: ePBeoMCujYBxKBCWHO9COs36tHcpJSw9
cf-cache-status: HIT
x-amz-request-id: CEP010VXS53TTSBC
age: 13825698
content-length: 105804
x-amz-id-2: QHiMME26rrnhbNletEjzT7c1PatCbQ+YZemmZF64J6xR03kdZyzWMNMAM8t+FYwnezGTM4tSB3A=
last-modified: Thu, 08 Dec 2022 23:17:25 GMT
server: cloudflare
etag: "007ad31a53f4ab3f58ee74f2308482ce"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=31557600
accept-ranges: bytes
cf-ray: 7c9090749bca997b-FRA
expires: Fri, 17 May 2024 08:10:31 GMT

POST
H/1.1 200
OK / Show response
sentry.io/api/1332833/envelope/ Frame 8333 2 B
442 B 517ms
116ms Fetch
application/json 35.188.42.15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/1332833/envelope/?sentry_key=b5158ee3382d49b28a864fb2b91bcaaf&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.11.1

Requested by

Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-7893581232a37394b2e8.chunk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

15.42.188.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.qualified.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 18 May 2023 02:10:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: nginx
vary: origin,access-control-request-method,access-control-request-headers
Content-Type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
Connection: keep-alive
Content-Length: 2

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=A336801B9280418DB4F32DEC61AB8D5D&RedC=c.clarity.ms&MXFR=1549A7451990665612C1B4501D90682E
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=A336801B9280418DB4F32DEC61AB8D5D&MUID=1E65DAF8503D6738008BC9ED5156661A

42 B
443 B

34ms
34ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=A336801B9280418DB4F32DEC61AB8D5D&MUID=1E65DAF8503D6738008BC9ED5156661A
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 18 May 2023 02:10:31 GMT
last-modified: Thu, 04 May 2023 15:33:28 GMT
server: Microsoft-IIS/10.0
etag: "6de038c69d7ed91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 18 May 2023 02:10:31 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 61082C697068474F8F33447769117D1E Ref B: FRAEDGE1117 Ref C: 2023-05-18T02:10:32Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=A336801B9280418DB4F32DEC61AB8D5D&MUID=1E65DAF8503D6738008BC9ED5156661A
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

POST
H2 200 v3 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 2D51 25 B
112 B 141ms
114ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 18 May 2023 02:10:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 67186dd4f2216c82
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 11
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame 2D51 21 KB
8 KB 813ms
813ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

6eaf3295f2405000b02ea91d832fa7a1d873d30ffe6edf6193967c19204ee475

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 18 May 2023 02:10:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: c44a89e219c4ddc7
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 710
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

POST
H/1.1 204
No Content collect Show response
y.clarity.ms/ 0
291 B 93ms
93ms XHR
text/plain 104.211.35.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://y.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.211.35.148 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cofense.com
Date: Thu, 18 May 2023 02:10:32 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
492 B 196ms
195ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:32 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 track Show response
event.api.drift.com/ Frame 2D51 699 B
762 B 104ms
104ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

2c1f74a7d41796273b5b22492ad3d2052f4a272be69eaaaf3ca1bb5cf5f95c35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODI4NDg2NzY0MCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjE0NTI4NjgiLCJleHAiOjE3MTU5OTgyMzIsImlhdCI6MTY4NDM3NTgzMn0.l8B3ck75cOsSWIm66c0xxWtDlcz2umcRluOuxMesInTGgDUzR2SOnk8cOy-H8ywI-kKp3cmz2-Pneqf_kSUlDQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 18 May 2023 02:10:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 771d9349b7cd6e97
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 699

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 124ms
103ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 18 May 2023 02:10:33 GMT
requestid: drift6f2372e4db69d5087a5909e4bc6
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

POST
H2 200 evaluate_with_log Show response
targeting.api.drift.com/targeting/ Frame 2D51 706 B
411 B 105ms
105ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

e87554afd828448a8cc562315bb299d5a3a67cae3b468593034f777193d20d28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODI4NDg2NzY0MCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjE0NTI4NjgiLCJleHAiOjE3MTU5OTgyMzIsImlhdCI6MTY4NDM3NTgzMn0.l8B3ck75cOsSWIm66c0xxWtDlcz2umcRluOuxMesInTGgDUzR2SOnk8cOy-H8ywI-kKp3cmz2-Pneqf_kSUlDQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 18 May 2023 02:10:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: fe79298eb15833c
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 350

OPTIONS
H2 200 evaluate_with_log
targeting.api.drift.com/targeting/ Frame 0
0 126ms
105ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 18 May 2023 02:10:33 GMT
requestid: drift36a9dd94ec4a473a6b558d4a0a1
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 2

GET
H/1.1 200
OK 976848be5d3705f67929c776e7c981f073674577458bffa4c5df2500b43cc5d1.png
qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame 8333 7 KB
7 KB 338ms
113ms Image
image/png 52.217.234.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/976848be5d3705f67929c776e7c981f073674577458bffa4c5df2500b43cc5d1.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.234.82 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-east-1-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 35f2fd2da69d4fb87275d7ce76117c573c18ab9c6dbbd08429712af6346c26a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Thu, 18 May 2023 02:10:34 GMT
Last-Modified: Thu, 20 Apr 2023 21:32:06 GMT
Server: AmazonS3
x-amz-request-id: RETFJEYEKMP506AB
ETag: "28067073f437880b9148c0ab27de6900"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 6908
x-amz-id-2: bmiqOmZ0F/eVphvMkUuvpafF0Hn7MM9lTgKderv5DQOwLVDMyT49E/4AdZe46WqDpY20NVZPtpI=

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 200ms
199ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:33 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 render_initial_v3 Show response
flow.api.drift.com/flows/ Frame 2D51 3 KB
2 KB 142ms
142ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial_v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

11183ab3ac554102efb863c6a1b4dae1700c4077e1b942b8b76a77070361b55f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODI4NDg2NzY0MCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjE0NTI4NjgiLCJleHAiOjE3MTU5OTgyMzIsImlhdCI6MTY4NDM3NTgzMn0.l8B3ck75cOsSWIm66c0xxWtDlcz2umcRluOuxMesInTGgDUzR2SOnk8cOy-H8ywI-kKp3cmz2-Pneqf_kSUlDQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 18 May 2023 02:10:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 16da7b6abd5d7d15
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 36
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 1973

OPTIONS
H2 200 render_initial_v3
flow.api.drift.com/flows/ Frame 0
0 131ms
105ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial_v3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 18 May 2023 02:10:33 GMT
requestid: drift3556afe48169067f630f26e6cbb
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

OPTIONS
H2 200 widget
targeting.api.drift.com/impressions/ Frame 0
0 104ms
104ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 18 May 2023 02:10:33 GMT
requestid: drift90d70534dc497538549be1f9a94
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 204 widget Show response
targeting.api.drift.com/impressions/ Frame 2D51 0
60 B 111ms
111ms XHR
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODI4NDg2NzY0MCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjE0NTI4NjgiLCJleHAiOjE3MTU5OTgyMzIsImlhdCI6MTY4NDM3NTgzMn0.l8B3ck75cOsSWIm66c0xxWtDlcz2umcRluOuxMesInTGgDUzR2SOnk8cOy-H8ywI-kKp3cmz2-Pneqf_kSUlDQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 18 May 2023 02:10:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: db0ee3c523ced264
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j100&aip=1&a=134779332&t=event&ni=1&_s=2&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&ul=en-us&de=UTF-8&dt=Threat%20Actors%20Impersonate%20Email%20Security%20Providers%20%7C%20Cofense&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Playbook%20Fired&el=Playbook%20ID%3A%202159654&_u=aDDAgUABAAAAAEAAI~&jid=&gjid=&cid=548345462.1684375831&tid=UA-114787942-1&_gid=757011283.1684375831&gtm=45He35a0n815RQ37KH&z=1456527010

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 May 2023 03:45:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 80678
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 57.3fe6ce5a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2D51 18 KB
7 KB 7ms
6ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.3fe6ce5a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7808407d987a0039e46333beac73c0eb079413f379ad59dd12b60e0c5a019467

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=28krvx2uf9n3&eId=28krvx2uf9n3&region=US&forceShow=false&skipCampaigns=false&sessionId=46b1f082-771e-4b23-8948-800ce98b8be7&sessionStarted=1684375831.205&campaignRefreshToken=9e0dcd32-a31d-4788-918c-34fde200c635&hideController=false&pageLoadStartTime=1684375829540&mode=CHAT&driftEnableLog=false&loadStrategy=EAGER&secureIframe=false&u=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:33 GMT
x-amz-version-id: .sHJCgZAVT7FBjcCQK57dlXTswO0t9Yg
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 29
last-modified: Thu, 11 May 2023 20:21:37 GMT
server: istio-envoy
etag: W/"d8fe910bd6146f598b818efb6c5a914c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rNaFW5NoRXUyn7e5khiuJIDv-l5tp8_fhl-v-T_blmnsqO_0auqaLw==

GET
H2 200 57.3fe6ce5a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BB61 18 KB
7 KB 6ms
6ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.3fe6ce5a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ab54bfc8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7808407d987a0039e46333beac73c0eb079413f379ad59dd12b60e0c5a019467

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1684375829540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:33 GMT
x-amz-version-id: .sHJCgZAVT7FBjcCQK57dlXTswO0t9Yg
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 478860
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 29
last-modified: Thu, 11 May 2023 20:21:37 GMT
server: istio-envoy
etag: W/"d8fe910bd6146f598b818efb6c5a914c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4E1jDuN7t2M5rJzRdudNB8-0jVBmgw5hwjphUdjk3Ketkh1-6zMWwQ==

GET
H2 200 https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.amazonaws.com%252Fcustomer-api-avatars-prod%252F2106400%252F13690614ba4dc30e40747e74e1535a5adzn4mi89fik3%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w...
driftt.imgix.net/ Frame 2D51 23 KB
24 KB 48ms
7ms Image
image/png 2a04:4e42:8d::720
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://driftt.imgix.net/https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.amazonaws.com%252Fcustomer-api-avatars-prod%252F2106400%252F13690614ba4dc30e40747e74e1535a5adzn4mi89fik3%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w%3D200%26s%3D3d628948700c6adffa763ed302d1aec1?fit=max&fm=png&h=200&w=200&s=b89b9dce21f66015eedf860da053c36f

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:8d::720 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

4bfadbef6403a8d94ce18f4c015c320c8627a0ecaf0e2633ae3e7c601cd00f14

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:33 GMT
x-content-type-options: nosniff
age: 495984
x-cache: HIT, HIT
x-imgix-id: c15c845a40c0aa329508f425c9f8287983a1f795
cross-origin-resource-policy: cross-origin
content-length: 23915
x-served-by: cache-sjc10076-SJC, cache-fra-eddf8230062-FRA
x-imgix-render-farm: 01.8752
last-modified: Fri, 12 May 2023 08:24:09 GMT
server: imgix
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: X-Imgix-Bg-Remove-Failure-Reason
cache-control: public, max-age=315360000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame 2D51 38 KB
39 KB 6ms
6ms Font
font/woff2 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fbeb296c1ecc216a17bda77bf65e833cc0410cfbe1908e121f7a4549cc390675

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 18:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 6248561
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 66
content-length: 39372
last-modified: Fri, 03 Mar 2023 16:21:38 GMT
server: istio-envoy
etag: "40b6965b5cd26213faf61e5ab6765bb9"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/font-woff2,font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4xj1i78DFRqBS-PCf7ZbCC2OzGZ4awICTl5C2T4FQJb1Qnc9UrQKNQ==

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame BB61 38 KB
39 KB 6ms
6ms Font
font/woff2 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fbeb296c1ecc216a17bda77bf65e833cc0410cfbe1908e121f7a4549cc390675

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 18:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 6248561
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 66
content-length: 39372
last-modified: Fri, 03 Mar 2023 16:21:38 GMT
server: istio-envoy
etag: "40b6965b5cd26213faf61e5ab6765bb9"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/font-woff2,font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8lbC7XRpG28E_LuErAtsDyu9ANXSrTALz7JaIShL5wSDbrneSp5FqQ==

GET
H2 200 3.876e100b.chunk.js Show response
js.driftt.com/conductor/assets/ 158 B
852 B 6ms
6ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/conductor/assets/3.876e100b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1684376100000/28krvx2uf9n3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

820a4fba20403c9f079047d93e75967962f41710cbc648747c7bc6c95082dcdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:45 GMT
x-amz-version-id: oozHx4AqYNl6Xn9PvuD7UAqEXRQ2JzhX
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 478849
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
content-length: 158
last-modified: Thu, 11 May 2023 20:21:42 GMT
server: istio-envoy
etag: "c305bf442772f618527148111051de22"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gByvK149sCALY72s-qknIxZTCXSBWeXp5BAklqEztDHUaRC2cSimpw==

GET
H2 206 notification.5f7c6014.mp3
js.driftt.com/conductor/assets/media/ 8 KB
8 KB 7ms
7ms Media
audio/mpeg 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/conductor/assets/media/notification.5f7c6014.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://cofense.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Range: bytes=0-

Response headers

date: Sat, 03 Sep 2022 07:38:10 GMT
x-amz-version-id: Ub51puyo1Locv75rMJeYD6NAYp0fo__l
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 22185144
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
Content-Range: bytes 0-7754/7755
Content-Length: 7755
last-modified: Thu, 01 Sep 2022 13:18:52 GMT
server: nginx
etag: "5f7c6014cf73831f91963a668b71fbb9"
access-control-allow-methods: GET, POST, OPTIONS
content-type: audio/mpeg
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vIWlhmSF0zE9doXoOVLCI9nuiFPPPonKzSVvAmfLOksBcDQY8_LlVw==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 205ms
205ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:34 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event3/ Frame 2D51 25 B
89 B 123ms
123ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event3/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 18 May 2023 02:10:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 88043573b726efaa
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 19
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 200ms
194ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 02:10:35 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 14ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3G76T4W3LR&gtm=45je35a0h1&_p=134779332&cid=548345462.1684375831&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1684375830&sct=1&seg=0&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F&dt=Threat%20Actors%20Impersonate%20Email%20Security%20Providers%20%7C%20Cofense&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 18 May 2023 02:10:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cofense.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
y.clarity.ms/ 0
291 B 95ms
92ms XHR
text/plain 104.211.35.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://y.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.211.35.148 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cofense.com
Date: Thu, 18 May 2023 02:10:35 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

Verdicts & Comments Add Verdict or Comment

117 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

39 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cofense.com/	1970-01-20 14:02:31	Name: _gcl_au Value: 1.1.337934583.1684375830
.cofense.com/	1970-01-20 21:28:55	Name: attr_first Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20provided)%22%2C%22content%22%3A%22(not%20set)%22%2C%22lp%22%3A%22cofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F%22%2C%22date%22%3A%222023-05-18%22%2C%22timestamp%22%3A1684375830306%7D
.cofense.com/	1970-01-20 11:52:57	Name: attr_last Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20provided)%22%2C%22content%22%3A%22(not%20set)%22%2C%22lp%22%3A%22cofense.com%2Fblog%2Fthreat-actors-impersonate-email-security-providers-to-steal-user-credentials%2F%22%2C%22date%22%3A%222023-05-18%22%2C%22timestamp%22%3A1684375830306%7D
cofense.com/	1969-12-31 23:59:59	Name: wp-wpml_current_language Value: en
.techtarget.com/	1970-01-20 11:52:57	Name: __cf_bm Value: l1f4sKvB5wfari5yPMjAiDvkuErmioddOm2KVSUgR1I-1684375830-0-AbnNDGj8NtoPxEbyCQt5SS1OtZaJTM32OEulZmJuonSeZMynycdgpqB35uBslbKf8RJ9IYfwVKeB6tWeVEhcrdY=
.cofense.com/	1970-01-20 21:28:55	Name: __q_state_H3wWDXLUxD4irieG Value: eyJ1dWlkIjoiZjExZjIxYTYtZGUxNi00ZDVjLTkwZjgtMGYzZjY2ZTViOGQ1IiwiY29va2llRG9tYWluIjoiY29mZW5zZS5jb20ifQ==
.ws.zoominfo.com/	1970-01-20 20:38:31	Name: visitorId Value: 279353283ae1e2d2ff6093018031418b95e6cb0d083cdd8e4297aa1e681eb240
.zoominfo.com/	1970-01-20 11:52:57	Name: __cf_bm Value: VvoFhKa2TII60sLMVOCA_0cW9RiIKyg5IXXqaybjG.w-1684375830-0-ARWyAK1MvdmEkSO9RmFq+UbGZZxJLvbfmmDymaaRetGU7msNwFABZA+IyMP6ch0MFqpfyHHVQcdeaeOqWb+Jtqw=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: SnZy3Z99PjKitOadsmHfJWs1xneCqMzX19mlaz4zM_I-1684375830484-0-604800000
www.clarity.ms/	1970-01-20 20:38:31	Name: CLID Value: 684406f321b14279b57bc36e668c280b.20230518.20240517
.cofense.com/	1970-01-20 21:28:55	Name: _ga Value: GA1.2.548345462.1684375831
.cofense.com/	1970-01-20 11:54:22	Name: _gid Value: GA1.2.757011283.1684375831
.cofense.com/	1970-01-20 11:52:55	Name: _dc_gtm_UA-114787942-1 Value: 1
.cofense.com/	1970-01-20 21:28:55	Name: _mkto_trk Value: id:404-JHU-612&token:_mch-cofense.com-1684375830588-97094
cofense.com/	1970-01-20 12:03:00	Name: _an_uid Value: 0
cofense.com/	1970-01-20 21:28:55	Name: _gd_visitor Value: 0514e93a-3ecc-4adc-8a8a-77c412199c6b
cofense.com/	1970-01-20 11:53:10	Name: _gd_session Value: 0f544c50-f281-4871-807d-3321fbac49f6
cofense.com/	1970-01-20 11:54:22	Name: ln_or Value: eyIzMDA3MjEiOiJkIn0%3D
.cofense.com/	1970-01-20 20:38:31	Name: _clck Value: 1xxk6e\|2\|fbp\|0\|1233
.linkedin.com/	1970-01-20 14:02:31	Name: li_sugr Value: cfd00a2e-f294-4349-a9dd-13cb5681e626
.linkedin.com/	1970-01-20 20:38:31	Name: bcookie Value: "v=2&fb7ddd01-bd0b-4a98-874a-bb4376fc2249"
.linkedin.com/	1970-01-20 11:54:22	Name: lidc Value: "b=OGST03:s=O:r=O:a=O:p=O:g=2923:u=1:x=1:i=1684375830:t=1684462230:v=2:sig=AQG1l4iU_g97CGpEOKwJZuuGWaYZM5aT"
.6sc.co/	1970-01-20 21:28:55	Name: 6suuid Value: aad017025c0f0200168965642b030000eb5d0000
.cofense.com/	1970-01-20 21:28:55	Name: _ga_3G76T4W3LR Value: GS1.1.1684375830.1.0.1684375831.59.0.0
cofense.com/	1970-01-20 11:52:57	Name: drift_campaign_refresh Value: 9e0dcd32-a31d-4788-918c-34fde200c635
.linkedin.com/	1970-01-20 12:36:07	Name: UserMatchHistory Value: AQIqWLT-lWL77gAAAYgsn4LosfDqE6Frs7rhUw2fwlCmraHpkSJ0d8j2hPBcRiP8V2Yu5eLQdAw0DA
.linkedin.com/	1970-01-20 12:36:07	Name: AnalyticsSyncHistory Value: AQJp3vJiB1lUTAAAAYgsn4LoYYuAvEX3P8dSANE8Lfjpjes8RzSaRYIKEVfuBJkSmB4wHA5-iInr3sg-GOgzcw
.www.linkedin.com/	1970-01-20 20:38:31	Name: bscookie Value: "v=1&20230518021031befcc9a6-4db9-41e5-8108-e5b374cede2eAQHg54LSrwz_8782_wtUCCo4Pz8-UvJV"
.linkedin.com/	1970-01-20 16:12:07	Name: li_gc Value: MTswOzE2ODQzNzU4MzE7MjswMjGQDneOS1ZAd+qVSEnWNFtTlvDc3FFtM86ZDSs440zpTw==
.cofense.com/	1970-01-20 11:54:22	Name: _clsk Value: 17p9na5\|1684375831738\|1\|1\|y.clarity.ms/collect
cofense.com/	1970-01-20 21:28:55	Name: drift_aid Value: eaa7b6b9-f8d6-492c-a95b-7ef87e0007fa
cofense.com/	1970-01-20 21:28:55	Name: driftt_aid Value: eaa7b6b9-f8d6-492c-a95b-7ef87e0007fa
.bing.com/	1970-01-20 21:14:31	Name: MUID Value: 1E65DAF8503D6738008BC9ED5156661A
.c.bing.com/	1970-01-20 12:03:00	Name: MR Value: 0
.c.bing.com/	1970-01-20 21:14:31	Name: SRM_B Value: 1E65DAF8503D6738008BC9ED5156661A
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 21:14:31	Name: MUID Value: 1E65DAF8503D6738008BC9ED5156661A
.c.clarity.ms/	1970-01-20 12:03:00	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 11:52:56	Name: ANONCHK Value: 0

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cofense.com/wp-content/themes/cofense/css/testing.css?ver=6.2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://cofense.com/wp-content/themes/cofense/css/custom.css?ver=6.2 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/ Message: Failed to decode downloaded font: https://cofense.com/wp-content/uploads/2022/05/Inter-Medium.ttf
other	warning	URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/ Message: Failed to decode downloaded font: https://cofense.com/wp-content/uploads/2022/05/Inter-Medium.ttf
other	warning	URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://cofense.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.3(Line 1) Message: Failed to decode downloaded font: https://cofense.com/wp-content/uploads/2022/05/Inter-Medium.ttf
other	warning	URL: https://cofense.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.3(Line 1) Message: OTS parsing error: invalid sfntVersion: 1008813135
network	error	URL: https://lltrck.com/scripts/lt-v3.js?llid=19612 Message: Failed to load resource: the server responded with a status of 403 ()
other	warning	URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/ Message: Failed to decode downloaded font: https://cofense.com/wp-content/uploads/2022/05/Inter-Medium.ttf
other	warning	URL: https://cofense.com/blog/threat-actors-impersonate-email-security-providers-to-steal-user-credentials/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG(Line 2) Message: Failed to decode downloaded font: https://cofense.com/wp-content/uploads/2022/05/Inter-Medium.ttf
other	warning	URL: https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG(Line 2) Message: OTS parsing error: invalid sfntVersion: 1008813135

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

404-jhu-612.mktoresp.com
app.qualified.com
assets.qualified.com
b.6sc.co
bootstrap.api.drift.com
c.6sc.co
c.bing.com
c.clarity.ms
cdn.linkedin.oribi.io
cofense.com
driftt.imgix.net
epsilon.6sense.com
event.api.drift.com
extend.vimeocdn.com
flow.api.drift.com
fonts.googleapis.com
fonts.gstatic.com
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js.driftt.com
js.qualified.com
lltrck.com
metrics.api.drift.com
munchkin.marketo.net
okt.to
p.typekit.net
px.ads.linkedin.com
px4.ads.linkedin.com
qualified-production.s3.us-east-1.amazonaws.com
region1.analytics.google.com
secure.adnxs.com
sentry.io
snap.licdn.com
static.oktopost.com
stats.g.doubleclick.net
targeting.api.drift.com
trk.techtarget.com
ws.zoominfo.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
y.clarity.ms
104.102.38.132
104.211.35.148
13.107.42.14
141.193.213.20
143.204.98.30
146.75.118.109
18.66.112.118
185.89.210.90
192.28.144.124
2001:4860:4802:34::36
2600:9000:20eb:b400:2:53b2:240:93a1
2606:4700::6810:650c
2606:4700::6812:1005
2606:4700::6812:1105
2606:4700::6812:d9f
2620:1ec:21::14
2620:1ec:4f:1::45
2620:1ec:c11::200
2a00:1450:4001:803::2004
2a00:1450:4001:828::2003
2a00:1450:4001:830::2003
2a00:1450:4001:830::2008
2a00:1450:4001:830::200e
2a00:1450:4001:831::200a
2a00:1450:400c:c00::9d
2a02:26f0:3400::215:4f28
2a02:26f0:3500:16::215:1495
2a02:26f0:480:f::213:7ec6
2a04:4e42:8d::720
3.124.207.209
34.111.208.231
35.188.42.15
50.16.7.188
52.20.195.32
52.217.234.82
52.70.128.149
52.73.0.225
68.219.88.97
95.101.111.170
01ab06a4f41a055192b9a7f49291e35e6b8fa4003ec4b461426e837aec3bd0d3
01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874
02a76dc0b61a8e0a92b77ca42acc3d45bb580a82576b624bc7181336376ef375
09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84
0a878495e0cd07bbe654d5ca09dd53707b0349b326c229393df27696e92e255c
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0cbf6e774cef56a187b12fea61250b10a013df245ca8ed9c47bf3f18f8a7696b
11183ab3ac554102efb863c6a1b4dae1700c4077e1b942b8b76a77070361b55f
120def079fc4e239098c571e178a9a1b73746f05c6f65a97cd7291b8c13aa401
12ce92cc3c4eb9d74f48e9a10eb919bdf30bbdc5ccf9843c6543fec302dec54f
138154c0deed3326477b9b4909175101070a5a3a95342291b53d8cc9879a5f47
13ba7d85cedf2d5b14f9091119f9067689bdc33edde1d37a654787d416fbca34
152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5
178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795
17d79e1bc3fb327894fe4611b2551527a6face62f87403e7bc93fe974cad0c3c
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
1a6066a6d31e78435df4062a26c6f87e325ec23de535b95c65cb90e0ea570038
1a7d5d0c9c86dc2db1249eee49e178e16885d04b41f20cab6e5ad4e5a51f89af
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b
1d6f23c3da43351a928c1cbdf13e636cf89eea279953f2a047d075e907a92143
1fdf9d9bc69a6a57c389f34746d9f4a8f78b43afe081852cbc78e8ec72f10b5e
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
22401c003c78aad72366e7e2b3592d82cbc8a474ec7f5b15639613a77641b23a
22a79f1fbcc70373c7021bae2164d9232d1e9dd3c6a163df9f9f54070e5f6b50
277725f80d5c0175c2a996fe1eea07395b87ec1bd0496353409e99e96024816e
27e3a6edd675a54d8e2bdb8948cd14f49889b821856df2e552943ed2a30b86af
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
2c1f74a7d41796273b5b22492ad3d2052f4a272be69eaaaf3ca1bb5cf5f95c35
2cc15bc3d3dda4e699624aae9727570dd1cb7cfa4535a074a453e1437e279d21
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2fbefccb4ad6c46120918789e367472752f9a20395e5bbf954ef3dc0f3e515ee
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68
35f2fd2da69d4fb87275d7ce76117c573c18ab9c6dbbd08429712af6346c26a3
3712503bb918df807d914560581fd3a9a80fea3b4321467119699669b48571e1
3bbb0066348fce96f69e00f87acf0c1990e445ef355554933be086eb68130ce4
3c1a5c4b5574a4104a92b2e700e6f0fc5b001c4297ebc5a1e76d67b1fbeb1c2d
3d7cc8b6dd2abcbafc61918a074f96bef0698f9382e157d26ac719fbf36f1188
3f468279f26e593cb95007007c5a99d4f5b185fb8f8626717d86b767b118f431
3f9975dcb021180e0dd69d696757cef5b76fb963697bbcfbaf87b0acaa213f76
4269d080795dd196c4df94822c88ff9c5d8dc5c2e1ca78371af88f9887df2a03
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44f85e2f0d0e5c80e0f8423d26cf06f16dd5c1d1979e99338fef230276f26b7b
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
4604ed4eb3e25b2aeb907e4ea907f2a44152ff2e7a867895b78018419ac26c0f
461774567dfde4b0d482aeb6a10845500143142b91c578b766a9fadbe073d9f6
4b6282f417900055c604419822eb0ff788d325f23c9eca94146e3086177e8f0a
4b9257e3e9c959214ddfab833a69a021ae6557403efe76afcbee259621175274
4bfadbef6403a8d94ce18f4c015c320c8627a0ecaf0e2633ae3e7c601cd00f14
4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d
4f42fa1fe21c3cdf7ccfa09bfb44d1325bd3713e1ddb82e661e2c28002eef957
51445b2ccc8f515394b4750bd52fbc74089c3e894ec552a64fbc85c71a766f49
51b22cb9ab468340f75df2f2e64986bc0281f98e3a01929c1fd42e4715572b17
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
52a661be3553acef0460eeba36501d715812dbce60cd805e283556405bafcd87
533e264cc615ee4601da8d2c1dee4a8987319e53d4d7162272f067fbbf250020
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
566d4c5dfefc9c4d867e6bef080917a4273b4228731a8700e81f1763eae3d861
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
61151904cdaac8598432e87f9c5e95615c79c260306fbedcec80e8f12b524e6c
62062fcb3c6616ca89680937f8d8f3bc6560e8090f33121891b7cd93bb1daac3
68391267b7be9baf7d254da6b10ae55f6dad95f475da47e115b383d0a1b11bf5
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
6c150f647bb99e5bb3b09fb9886e7abf01acdcceb46053dc6bddbcc1dbac9727
6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
6eaf3295f2405000b02ea91d832fa7a1d873d30ffe6edf6193967c19204ee475
6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb
71966cb221a057ee9313fb232e40c7a0a70d2e472909c3947f4878c8e195ad53
727a730eda79071d5f02ba91d752c3feed10e0cd63a9c042f298390c24f85236
73b2fdcf25aa909c7b0f072cf791066350ab834ca1d0d01ef096bb5583318213
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
7808407d987a0039e46333beac73c0eb079413f379ad59dd12b60e0c5a019467
79d13301496a9ab684dd4a4ce0d647b8ba2da98e2f6a369ab7858ec46fbf3c9d
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7db64528c3a512e392a9d8a3ea52a192b088bb809926475d9afe703fcc769806
80476f0a05718213d0e030326ae918679564695164f1768f19e982cb6f15b826
814d45cce5caa5b45bc44934f24e210c64cb36ba1438a14d40ad7d23784e78e7
820a4fba20403c9f079047d93e75967962f41710cbc648747c7bc6c95082dcdb
82b28becadf6ab1c3eaf14ee8bf08e65a5f138234f83f6b026e43ff171823d66
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83f60653bab6c200949723e51919debe0654cc245a67ef4931e7fe9cd9ed7573
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
8667a50fdab17dd946e43e37c6fd1623583b9440bdca887e44cc726e48feedaf
86e5f383c43482b102b2dca93faab32637c7ccdbd5455e7840bbca7d8f57e0ee
879b72c4a0278d58c37dbced4e86616f012fa8dc0aa70350cd0dbbf17c062571
898af87758a66841b8b37df0d1b8b89b65c6cfc78e63e1031372ce49c7c80e83
8cbc49b1385bf29debe95333f04795a6e3a2cf218d88b415b29872d06491fd1c
8ee0654259fda0bbfeab4305b895e740659613080d90352bd36c1452fd426ef6
95af163892829a3ef249441b70b2c8281b845edea4b24680d3326486861d6082
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
9987dcc652130026523219440b654a3e307d16f186019031ad60a28d6f73aa2a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134
9caa51975dc97351ceb4e544fab746be9aee637db3095652a84b8dc68241e6ec
a021e5ef7022a556c759cca4e248f10383d65a1cd4df600dae57ea37ca481073
a1c171797fc8ac078efd2ca622e07b0cc14491ae3694359e73e34e2e86e223fb
a4c2dc7043f4e47798e8884cc62a1f2004775772516af31a5acd806a2de75db2
a6d43b4adbc46130383d2e36d8ab9ecfa4ea32e3c7f360e05343a7476d639f0f
a9eba9cdd7058e2a7ad28937e19dc6820a079e11ed1728903ceb27a42ffcc9ba
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
aebf3a5076b724c0097b17849789e5b72ab7a54d91fae262585b0266c2670b23
aef9a78e8807b45938115601cbfbbfd7444f2c2fa128bd0c464423b120238aaf
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788
b3c983227e71c4f8da7d9af830cde723a94fd1a3a712e666c1f389dfac405bb9
b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5
b8449a28a151415d580be1dfd69056906199f1dd6ceb2c1b5edf61950ada9d13
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
b89b6165327872066d09bf529b6f131b238a193e71a8ab9108b2ea40ae92d3f8
b92bc329c275b04d571cf6e800eb9f8d7351439064538f6190f1456962e37e64
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027
c05a1108c176130e9dff2f6a5ebdb60be1c3e17b5a8f83de35b29f44fb109434
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c2a57e72f6430ea09c331789ed0d8e2b9b36dc11965b8e29629a7b7e4cbbec01
c2b161eb1b49e80c76e7dacf0e1d04e082aca311886ea99ec0177937e7c71768
c3dfc3f03106f85ab56ceaadf44433f35cca4209d64922d50a1c650c90aa60ad
c3e55b0fbe6b73de12d128f91dd2b71a7ecf0a0c912a6d3464c76f2ccdbf5586
c45f781964e97c179059fb620032eddab4a86bf8af6cd3f7460b2fa839fedb10
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
c640d911a58cc3ef31b1a3c2090fa753c948902033b9917ab5daef4fbb33b5d2
c775a362bb8cfcb1f31682b2a1a017a05ea83016e5848a6ab3ae6c1de152ce94
ca4b8bc30efe3bc477a4699a51c7ca0ba2cf24f24f02d3b861453a1aac7d0fb6
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cdaa4c91b5bc3dd4ce8e1345b453844dd414602022a182ce2853d87bd4b9a9d3
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d2ac30455abb41bb5755983f23e4f7704b16b16de8212bc12df1ac1c811ec971
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6
d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f
d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296
d7ef6955aa3b222a31d53ffe3539830d54c42b7c5febbb07af66916c2990fa03
dc7e118b7e07217031d017282955569cb66891f527050135caadb2dd5779824f
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d
e1832388238ca6cfbc25c5180b8be7b4e97d8fb24007fc419f28cae29eb38973
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e4e5a4c90a9521b8024c3cfc4ef7a93422e710021c5c3292df84d679b7bee6ad
e517a35c5f569958a934efcb143bdbb42f9f3b8cdd11442aed95bf45716007f2
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
e5cc98a7681a840c7940cf675360a0def2ffacf2ea52b046ce5354a9ee873dd8
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e87554afd828448a8cc562315bb299d5a3a67cae3b468593034f777193d20d28
e9ba3d0c5d5408e00becd36ad394fa9ad9c0616741ebdd6dddc8e837db3605ba
eaf3fbeb37e264707dd55409d3e8729dbbf6fdc39536e3961c59ec0a4ebad5f0
eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
eceee9cbf2cb380924bf8ddcff80de363cf46f7dc35bb336bd2bd08af878bbe2
ed08f388b2864b8c7a4ef48fe5dd0fa252576b39a1816384bf014b6bf3f49d41
ed83017a905156aab441dfb38df329582a3f5d178248f2b085ce082af97e15a7
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f02a485e9b6bf0fb3440dd6a7416f3693413a0b2727955f78f239c459cc789c0
f1e39af91d28d968e99e2b2d684b8a3cff1132aa980e11911b9951bf66aee4ba
f25567e7b8a0698486afcba5bc45a909e308e0e161d906c63a570b46734751a7
f2ae4a1938fe6071ac16a5d359018cf424002cc8e14f23fa9c43dd1f51d4fcc6
f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc
f3e04a15bb017b906d4834cb5da6e3ea409b5da37a0cd9cec4b62a496f8560a1
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
f93a6601c7d9a5a96205128c36fb3474e51689f791985f24447e7381cbab3e33
fbeb296c1ecc216a17bda77bf65e833cc0410cfbe1908e121f7a4549cc390675
fc908815ecb3b75f4422d1d2320906191ce7c63daaeb1b4cd79279fe0ce06bc6
fde087c9787c0e8f06c39fae532bf7b481c06259272f492ebe87634fe54ea162
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

cofense.com Open in urlscan Pro 141.193.213.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

229 Requests

98 %HTTPS

51 %IPv6

31 Domains

46 Subdomains

38 IPs

4 Countries

2797 kBTransfer

8263 kBSize

39 Cookies

7 Outgoing links

Redirected requests

229 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cofense.com Open in urlscan Pro
141.193.213.20 Public Scan

Screenshot
Live screenshot

Full Image

229
Requests

98 %
HTTPS

51 %
IPv6

31
Domains

46
Subdomains

38
IPs

4
Countries

2797 kB
Transfer

8263 kB
Size

39
Cookies

229 HTTP transactions
9 data transactions