expel.com Open in urlscan Pro
54.156.130.60 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://expel.io/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https://attack.mitre.org/tec...
Effective URL:
https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/tech...
Submission: On January 12 via manual (January 12th 2023, 3:53:53 pm UTC) from CA — Scanned from CA

Summary HTTP 201 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 44 IPs in 3 countries across 40 domains to perform 201 HTTP transactions. The main IP is 54.156.130.60, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is expel.com. The Cisco Umbrella rank of the primary domain is 444415.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on September 15th 2022. Valid for: 5 months.

This is the only time expel.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.111.83.20 34.111.83.20	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 49	54.156.130.60 54.156.130.60	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	152.199.2.76 152.199.2.76	15133 (EDGECAST) (EDGECAST)
2	2606:4700::68... 2606:4700::6812:6494	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:824::2008	15169 (GOOGLE) (GOOGLE)
9	23.4.230.40 23.4.230.40	16625 (AKAMAI-AS) (AKAMAI-AS)
7	2600:141b:13:... 2600:141b:13::17d7:8279	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:141b:13:... 2600:141b:13::17d7:8252	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 4	68.67.179.164 68.67.179.164	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:1400:d:5... 2600:1400:d:5a1::1c91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.36.157 199.232.36.157	54113 (FASTLY) (FASTLY)
2	104.102.141.31 104.102.141.31	16625 (AKAMAI-AS) (AKAMAI-AS)
7	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.2.60 18.66.2.60	16509 (AMAZON-02) (AMAZON-02)
1	104.95.194.74 104.95.194.74	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	68.67.181.211 68.67.181.211	29990 (ASN-APPNEX) (ASN-APPNEX)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
2	104.17.74.206 104.17.74.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.90.254.51 69.90.254.51	13768 (COGECO-PEER1) (COGECO-PEER1)
2	2620:1ec:48:1... 2620:1ec:48:1::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6812:1a55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1 1	184.50.205.247 184.50.205.247	16625 (AKAMAI-AS) (AKAMAI-AS)
3	69.90.254.78 69.90.254.78	13768 (COGECO-PEER1) (COGECO-PEER1)
2 3	54.175.87.114 54.175.87.114	14618 (AMAZON-AES) (AMAZON-AES)
2 2	35.211.178.172 35.211.178.172	15169 (GOOGLE) (GOOGLE)
1	8.2.110.24 8.2.110.24	46636 (NATCOWEB) (NATCOWEB)
3 3	107.178.246.49 107.178.246.49	15169 (GOOGLE) (GOOGLE)
2 2	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2600:1400:d::... 2600:1400:d::6878:d2aa	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	2607:f8b0:400... 2607:f8b0:4006:808::200e	15169 (GOOGLE) (GOOGLE)
64	13.225.223.85 13.225.223.85	16509 (AMAZON-02) (AMAZON-02)
1	18.164.96.77 18.164.96.77	16509 (AMAZON-02) (AMAZON-02)
3	20.85.30.134 20.85.30.134	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.225.214.60 13.225.214.60	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:225f:ac00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2607:f8b0:400... 2607:f8b0:4004:c08::9b	15169 (GOOGLE) (GOOGLE)
1	3.248.94.213 3.248.94.213	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4006:816::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81c::2003	15169 (GOOGLE) (GOOGLE)
1	18.203.123.105 18.203.123.105	16509 (AMAZON-02) (AMAZON-02)
1 2	20.110.81.91 20.110.81.91	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	3.94.218.138 3.94.218.138	14618 (AMAZON-AES) (AMAZON-AES)
201	44

1 34.111.83.20 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 20.83.111.34.bc.googleusercontent.com

expel.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 54.156.130.60 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-130-60.compute-1.amazonaws.com

expel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.199.2.76 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:6494 (United States)

ASN13335 (CLOUDFLARENET, US)

www.g2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:824::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.4.230.40 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-4-230-40.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:141b:13::17d7:8279 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:13::17d7:8252 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.179.164 (Secaucus, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1400:d:5a1::1c91 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.36.157 (New York, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.141.31 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-141-31.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.2.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-2-60.txl50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.95.194.74 (Atlanta, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-95-194-74.deploy.static.akamaitechnologies.com

origin.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.67.181.211 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.74.206 (None, )

ASN13335 (CLOUDFLARENET, US)

info.expel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.90.254.51 (Herndon, United States)

ASN13768 (COGECO-PEER1, CA)

e.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:48:1::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1a55 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

986-vwl-068.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.50.205.247 (Edison, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-50-205-247.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.90.254.78 (Herndon, United States)

ASN13768 (COGECO-PEER1, CA)

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.175.87.114 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-87-114.compute-1.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.211.178.172 (North Charleston, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.2.110.24 (United States)

ASN46636 (NATCOWEB, US)

sync.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 107.178.246.49 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 49.246.178.107.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.33.220.150 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1400:d::6878:d2aa (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:808::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

64 13.225.223.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-223-85.jfk51.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.96.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-77.jfk50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.85.30.134 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

j.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.214.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-214-60.ewr50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225f:ac00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c08::9b (Ashburn, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.94.213 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-94-213.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:816::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::2003 (United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.203.123.105 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-123-105.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.110.81.91 (Boydton, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.94.218.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-218-138.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
64	driftt.com js.driftt.com — Cisco Umbrella Rank: 5068	1 MB
51	expel.com 1 redirects expel.com — Cisco Umbrella Rank: 444415 info.expel.com — Cisco Umbrella Rank: 766138	631 KB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 6184 c.6sc.co — Cisco Umbrella Rank: 9255 ipv6.6sc.co — Cisco Umbrella Rank: 6560 b.6sc.co — Cisco Umbrella Rank: 4468	14 KB
9	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	20 KB
8	typekit.net use.typekit.net — Cisco Umbrella Rank: 440 p.typekit.net — Cisco Umbrella Rank: 587	114 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1214 j.clarity.ms — Cisco Umbrella Rank: 9036 c.clarity.ms — Cisco Umbrella Rank: 1704	21 KB
7	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 391	123 KB
6	adnxs.com 3 redirects secure.adnxs.com — Cisco Umbrella Rank: 404 ib.adnxs.com — Cisco Umbrella Rank: 211	6 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 358 www.linkedin.com — Cisco Umbrella Rank: 570 px4.ads.linkedin.com — Cisco Umbrella Rank: 6226	4 KB
5	acuityplatform.com origin.acuityplatform.com — Cisco Umbrella Rank: 14989 e.acuityplatform.com — Cisco Umbrella Rank: 15456 ums.acuityplatform.com — Cisco Umbrella Rank: 1162	6 KB
4	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 5898 metrics.api.drift.com — Cisco Umbrella Rank: 5761	371 B
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 362 c.bing.com — Cisco Umbrella Rank: 253	14 KB
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 607 script.hotjar.com — Cisco Umbrella Rank: 719 vars.hotjar.com — Cisco Umbrella Rank: 877 in.hotjar.com — Cisco Umbrella Rank: 1631	74 KB
3	tapad.com 3 redirects pixel.tapad.com — Cisco Umbrella Rank: 426	1 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 7146	32 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 315	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 287	1 KB
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 280	446 B
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 2958	7 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 43	169 KB
2	g2.com www.g2.com — Cisco Umbrella Rank: 27867	23 KB
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 6559	161 B
1	google.ca www.google.ca — Cisco Umbrella Rank: 7961	501 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	501 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 75	438 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 810	378 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 682	5 KB
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 310	755 B
1	admanmedia.com sync.admanmedia.com — Cisco Umbrella Rank: 7291	431 B
1	advertising.com 1 redirects pixel.advertising.com — Cisco Umbrella Rank: 1413	307 B
1	bluekai.com 1 redirects tags.bluekai.com — Cisco Umbrella Rank: 538	493 B
1	mktoresp.com 986-vwl-068.mktoresp.com — Cisco Umbrella Rank: 834658	318 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 628	307 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 609	392 B
1	t.co t.co — Cisco Umbrella Rank: 534	376 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 616	15 KB
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 10789	202 B
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2302	7 KB
1	expel.io 1 redirects expel.io — Cisco Umbrella Rank: 320120	210 B
0	company-target.com Failed api.company-target.com Failed
201	40

	Domain	Requested by
64	js.driftt.com	expel.com js.driftt.com
49	expel.com	1 redirects expel.com
9	www.google-analytics.com	www.googletagmanager.com cdn.bizible.com
7	b.6sc.co	expel.com
7	cdn.cookielaw.org	www.googletagmanager.com cdn.bizible.com cdn.cookielaw.org
7	use.typekit.net	expel.com use.typekit.net
4	secure.adnxs.com	2 redirects cdn.bizible.com expel.com
3	px.ads.linkedin.com	3 redirects
3	j.clarity.ms	cdn.bizible.com
3	pixel.tapad.com	3 redirects
3	ums.acuityplatform.com	expel.com
3	bat.bing.com	expel.com bat.bing.com
3	cdn.bizible.com	expel.com cdn.bizible.com
2	metrics.api.drift.com	js.driftt.com
2	bootstrap.api.drift.com	js.driftt.com
2	c.clarity.ms	1 redirects
2	match.adsrvr.org	2 redirects
2	x.bidswitch.net	2 redirects
2	ups.analytics.yahoo.com	1 redirects expel.com
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	info.expel.com	www.googletagmanager.com
2	ib.adnxs.com	1 redirects expel.com
2	munchkin.marketo.net	expel.com munchkin.marketo.net
2	www.googletagmanager.com	expel.com www.googletagmanager.com
2	www.g2.com	expel.com
1	c.bing.com	1 redirects
1	content.hotjar.io	cdn.bizible.com
1	www.google.ca	expel.com
1	www.google.com	expel.com
1	in.hotjar.com	cdn.bizible.com
1	stats.g.doubleclick.net	cdn.bizible.com
1	px4.ads.linkedin.com	expel.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	cdn.bizible.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	snap.licdn.com	www.googletagmanager.com
1	pixel.rubiconproject.com	expel.com
1	sync.admanmedia.com	expel.com
1	pixel.advertising.com	1 redirects
1	tags.bluekai.com	1 redirects
1	986-vwl-068.mktoresp.com	munchkin.marketo.net
1	geolocation.onetrust.com	cdn.bizible.com
1	e.acuityplatform.com	origin.acuityplatform.com
1	analytics.twitter.com	expel.com
1	t.co	expel.com
1	origin.acuityplatform.com	expel.com
1	static.hotjar.com	expel.com
1	static.ads-twitter.com	www.googletagmanager.com
1	ipv6.6sc.co	cdn.bizible.com
1	c.6sc.co	cdn.bizible.com
1	cdn.bizibly.com	expel.com
1	p.typekit.net	use.typekit.net
1	j.6sc.co	expel.com
1	stackpath.bootstrapcdn.com	expel.com
1	expel.io	1 redirects
0	api.company-target.com Failed	js.driftt.com
201	57

This site contains links to these domains. Also see Links.

Domain
www.g2.com
twitter.com
www.linkedin.com
youtube.com
expel.io
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
expel.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-15` - `2023-02-21`	5 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
io.bizible.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-30` - `2023-07-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.6sc.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-08` - `2023-03-11`	a year	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2022-02-06` - `2023-02-07`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
*.hotjar.com Amazon	`2022-10-25` - `2023-11-23`	a year	crt.sh
*.acuityplatform.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-27` - `2023-03-28`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
info.expel.com Cloudflare Inc ECC CA-3	`2022-04-25` - `2023-04-24`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-12-01` - `2023-12-01`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
drift.com Amazon	`2022-08-24` - `2023-09-21`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
linkedin.oribi.io Amazon	`2022-07-07` - `2023-08-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.hotjar.io Amazon	`2022-11-28` - `2023-12-26`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Frame ID: E18908EFBE7BC0B7281E69107311016F
Requests: 135 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
Frame ID: 668C6BB8E3290F6F1256FF764E3EC1F4
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
Frame ID: EA15F22367D10EFFC99832215D9E8D5C
Requests: 32 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
Frame ID: 97128D0A5D7E92B66761C91D2F63007E
Requests: 33 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page not found - ExpelAnnouncementCase StudyCheckmarkcustomer-story-iconData Sheethow-to-logopostsBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://expel.io/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https://... HTTP 301
https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https://... HTTP 301
https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/a... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css
owl\.carousel.*\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

201
Requests

95 %
HTTPS

35 %
IPv6

40
Domains

57
Subdomains

44
IPs

3
Countries

2559 kB
Transfer

6332 kB
Size

75
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.g2.com/products/expel/take_survey?utm_source=review-widget

Search URL Search Domain Scan URL

URL: https://twitter.com/ExpelSecurity
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/expel
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://youtube.com/@expelsecurity
Title: Youtube

Search URL Search Domain Scan URL

URL: https://expel.io/notices/?cookie
Title: Our cookie policy

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://expel.io/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https://attack.mitre.org/techniques/T1114/ HTTP 301
https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https://attack.mitre.org/techniques/T1114/ HTTP 301
https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 74

https://secure.adnxs.com/px?id=1585696&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1585696%26t%3D2

Request Chain 75

https://ib.adnxs.com/seg?add=30064804 HTTP 307
https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D30064804

Request Chain 90

https://tags.bluekai.com/site/37592?id=123456&limit=0&redir=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D49%26auid%3D731126500571%26uid%3D%24_BK_UUID HTTP 302
https://ums.acuityplatform.com/sum?umid=49&auid=731126500571&uid=$_BK_UUID

Request Chain 91

https://pixel.advertising.com/ups/55950/sync?uid=731126500571&_origin=1 HTTP 301
https://ups.analytics.yahoo.com/ups/55950/sync?uid=731126500571&_origin=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55950/sync?uid=731126500571&_origin=1&verify=true

Request Chain 92

https://x.bidswitch.net/sync?dsp_id=236&user_id=731126500571&expires=30&user_group=1 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=236&user_id=731126500571&expires=30&user_group=1 HTTP 302
https://sync.admanmedia.com/bidswitch.gif?puid=fb26a8e9-ade5-4e59-a33d-47cd1913b823&redir=[RED]

Request Chain 93

https://pixel.tapad.com/idsync/ex/receive?partner_id=3150&partner_device_id=731126500571&partner_url=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D64%26auid%3D731126500571%26uid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3150&partner_device_id=731126500571&partner_url=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D64%26auid%3D731126500571%26uid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3c796518-d4e8-4c60-960d-8176506e9075%252Chttps%25253A%25252F%25252Fums.acuityplatform.com%25252Fsum%25253Fumid%25253D64%252526auid%25253D731126500571%252526uid%25253D3c796518-d4e8-4c60-960d-8176506e9075%252C&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3c796518-d4e8-4c60-960d-8176506e9075%252Chttps%25253A%25252F%25252Fums.acuityplatform.com%25252Fsum%25253Fumid%25253D64%252526auid%25253D731126500571%252526uid%25253D3c796518-d4e8-4c60-960d-8176506e9075%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=81982044-ad55-428e-a2be-34d8ffd25a81&ttd_puid=3c796518-d4e8-4c60-960d-8176506e9075%2Chttps%253A%252F%252Fums.acuityplatform.com%252Fsum%253Fumid%253D64%2526auid%253D731126500571%2526uid%253D3c796518-d4e8-4c60-960d-8176506e9075%2C HTTP 302
https://ums.acuityplatform.com/sum?umid=64&auid=731126500571&uid=3c796518-d4e8-4c60-960d-8176506e9075

Request Chain 95

https://secure.adnxs.com/getuid?https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D10%26auid%3D731126500571%26uid%3D%24UID HTTP 302
https://ums.acuityplatform.com/sum?umid=10&auid=731126500571&uid=7650527735594355052

Request Chain 111

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=174905&time=1673538827845&url=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=174905&time=1673538827845&url=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D174905%26time%3D1673538827845%26url%3Dhttps%253A%252F%252Fexpel.com%252Fblog%252Fseven-ways-to-spot-business-email-compromise-office-365%252F%252522%252C%252522https%253A%252Fattack.mitre.org%252Ftechniques%252FT1114%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=174905&time=1673538827845&url=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=174905&time=1673538827845&url=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&cookiesTest=true&liSync=true&e_ipv6=AQJHoD8MMnkEkgAAAYWmr_faF3qHHl65fwupYgO0LQFmeOSVnfZXgPdVfqixSq9NJu4HvzPu

Request Chain 122

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=663333A311C549A1999C259E3F9BA600&RedC=c.clarity.ms&MXFR=132DE44405226D931C32F6D3012263EB HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=663333A311C549A1999C259E3F9BA600&MUID=30BC3A9CDDBA6CAC3E0E280BDC106D2A

201 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request / Show response
expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Redirect Chain

https://expel.io/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https://attack.mitre.org/techniques/T1114/
https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https://attack.mitre.org/techniques/T1114/
https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

122 KB
41 KB

55ms
55ms

Document
text/html

54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

a0a21324b6c931181f39056b15ccc003f827dd63e70cf6edef1338c3597b5981

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 22
cache-control: public, max-age=600
content-encoding: gzip
content-length: 41055
content-type: text/html; charset=UTF-8
date: Thu, 12 Jan 2023 15:53:46 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: <https://expel.com/wp-json/>; rel="https://api.w.org/"
server: nginx
strict-transport-security: max-age=300
vary: Accept-Encoding, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-62m64
x-served-by: cache-chi-klot8100100-CHI, cache-iad-kjyo7100102-IAD
x-styx-req-id: 3f121a8c-9291-11ed-a14b-2a3f230e02dc
x-timer: S1673538827.501086,VS0,VE2
x-ua-compatible: IE=edge

Redirect headers

accept-ranges: bytes
age: 22
cache-control: max-age=3600
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 12 Jan 2023 15:53:46 GMT
expires: Thu, 12 Jan 2023 16:53:24 GMT
location: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
server: nginx
strict-transport-security: max-age=300
vary: Cookie, Cookie
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-gk4ch
x-redirect-by: WordPress
x-served-by: cache-chi-klot8100070-CHI, cache-iad-kjyo7100062-IAD
x-styx-req-id: 3edd83ab-9291-11ed-ac83-3e540027c9d7
x-timer: S1673538826.463027,VS0,VE6
x-ua-compatible: IE=edge

GET
H2 200 font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 61ms
32ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 617
age: 7673542
cdn-cachedat: 2021-06-08 14:35:32
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cdn-cache: HIT
access-control-allow-origin: *
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 8e03a0f40ac23c08b1fbc5b05ccb27fd
timing-allow-origin: *
cdn-requestcountrycode: US
cf-ray: 788711222de2ecf2-YUL
cdn-requestpullsuccess: True

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 83 KB
32 KB 98ms
18ms Script
application/x-javascript 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.2.76 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1DD2) /
Resource Hash: 1ae740ebbe1a0c68cdf60b2d5df40126d47e6c69d19bf794b8a99ad5ceb81992

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
last-modified: Mon, 09 Jan 2023 19:32:36 GMT
server: ECS (nyb/1DD2)
age: 9273
etag: "c79199206124d91:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 32316

GET
H2 200 quicklatex-format.css
expel.com/wp-content/plugins/wp-quicklatex/css/ 2 KB
1 KB 42ms
29ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/wp-quicklatex/css/quicklatex-format.css?ver=6.1

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

4063f3cf2ee2dcc8f7bfda33ca4d43c43b6acbc5b6d52c5352ef6791b3d5ef02

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-xlw6w
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-length: 674
x-served-by: cache-chi-kigq8000104-CHI, cache-iad-kiad7000064-IAD
last-modified: Wed, 04 Jan 2023 20:30:49 GMT
server: nginx
x-timer: S1673538827.571910,VS0,VE1
etag: W/"63b5e1f9-883"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 70ee6040-8d19-11ed-8228-4ae8a6fe8aaa
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 js_composer.min.css
expel.com/wp-content/plugins/js_composer/assets/css/ 474 KB
59 KB 44ms
31ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.6.0

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

97b5b6bb0bfd4413504da4a5b78546698c75a127fff51b095080ee7fd3b8ec0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-h648z
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-length: 59375
x-served-by: cache-chi-klot8100157-CHI, cache-iad-kjyo7100062-IAD
last-modified: Wed, 04 Jan 2023 20:30:50 GMT
server: nginx
x-timer: S1673538827.572111,VS0,VE2
etag: W/"63b5e1fa-76828"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 70f6c7da-8d19-11ed-9009-42e98ed4f124
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 style.css
expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/css/ 3 KB
1 KB 38ms
25ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/css/style.css?ver=1.12

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

aeab6f0743cdde5d8f51116e097918579e39a27010295a83b5d9bae49f7e80e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-h648z
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601233
x-cache: MISS, HIT
x-cache-hits: 0, 2
content-length: 944
x-served-by: cache-chi-kigq8000025-CHI, cache-iad-kjyo7100102-IAD
last-modified: Wed, 04 Jan 2023 20:30:47 GMT
server: nginx
x-timer: S1673538827.572068,VS0,VE1
etag: W/"63b5e1f7-d8c"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 70f6dae8-8d19-11ed-9009-42e98ed4f124
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 owl.theme.default.css
expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/css/ 1 KB
909 B 155ms
143ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/css/owl.theme.default.css?ver=1.12

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

69e576e366786296a4fd1a3976f9fecc65f43c1b40e92c7e64c626bc52597632

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-9fs28
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 2
content-length: 426
x-served-by: cache-chi-klot8100115-CHI, cache-iad-kiad7000064-IAD
last-modified: Wed, 04 Jan 2023 20:30:47 GMT
server: nginx
x-timer: S1673538827.658201,VS0,VE1
etag: W/"63b5e1f7-429"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 70f78410-8d19-11ed-bf03-160f20372db7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 owl.carousel.css
expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/css/ 3 KB
1 KB 152ms
139ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/css/owl.carousel.css?ver=1.12

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b7c8d4a616f9ad465962fb1c81b57ec6bf5aadfa6fcff516c4891a9fd1262093

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-fnq5l
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: HIT, HIT
x-cache-hits: 1, 6
content-length: 954
x-served-by: cache-chi-kigq8000154-CHI, cache-iad-kcgs7200096-IAD
last-modified: Wed, 04 Jan 2023 20:30:57 GMT
server: nginx
x-timer: S1673538827.644471,VS0,VE1
etag: W/"63b5e201-c5d"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 70f85e5a-8d19-11ed-ab2b-1af7c874c338
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 animate.css
expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/css/ 55 KB
6 KB 108ms
95ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/css/animate.css?ver=1.12

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

262543d80549b46b0cc352316b4526dbcfdeec726d8c4a85dd86a043f2a492f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-n7fzk
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: HIT, HIT
x-cache-hits: 1, 3
content-length: 5559
x-served-by: cache-chi-klot8100021-CHI, cache-iad-kjyo7100102-IAD
last-modified: Wed, 04 Jan 2023 20:30:47 GMT
server: nginx
x-timer: S1673538827.609412,VS0,VE1
etag: W/"63b5e1f7-dd7d"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 70fbf83f-8d19-11ed-8fa0-b273b68972c5
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 single-post.css
expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/css/ 278 B
628 B 156ms
143ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/css/single-post.css?ver=1.12

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

154328df8cbf0e418cd07d834cc65eefe68c445219d4d108672d05710fd630d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-fnq5l
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 3
content-length: 141
x-served-by: cache-chi-kigq8000116-CHI, cache-iad-kcgs7200062-IAD
last-modified: Wed, 04 Jan 2023 20:30:47 GMT
server: nginx
x-timer: S1673538827.682616,VS0,VE1
etag: W/"63b5e1f7-116"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 70fcf431-8d19-11ed-ab2b-1af7c874c338
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 classic-themes.min.css
expel.com/wp-includes/css/ 217 B
674 B 153ms
140ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-includes/css/classic-themes.min.css?ver=1

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-9fs28
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 2
content-length: 189
x-served-by: cache-chi-kigq8000167-CHI, cache-iad-kjyo7100062-IAD
last-modified: Wed, 04 Jan 2023 20:30:53 GMT
server: nginx
x-timer: S1673538827.674688,VS0,VE0
etag: W/"63b5e1fd-d9"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 710966e3-8d19-11ed-bf03-160f20372db7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 ivory-search.min.css
expel.com/wp-content/plugins/add-search-to-menu/public/css/ 7 KB
2 KB 158ms
145ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/add-search-to-menu/public/css/ivory-search.min.css?ver=5.4.10

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

1dca4f2dcfb119cbe001fb3b31e559aed59674832f729fbf9170d2f23803f9c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-cg5nm
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 200749
x-cache: MISS, HIT
x-cache-hits: 0, 2
content-length: 1923
x-served-by: cache-chi-kigq8000109-CHI, cache-iad-kjyo7100102-IAD
last-modified: Sun, 08 Jan 2023 07:44:37 GMT
server: nginx
x-timer: S1673538827.648140,VS0,VE1
etag: W/"63ba7465-1a9b"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: e440b79f-90bd-11ed-a449-b6138f069fe8
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 11 Jan 2024 08:07:57 GMT

GET
H2 200 style.css
expel.com/wp-content/themes/Total/ 226 KB
49 KB 181ms
168ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/Total/style.css?ver=5.0.6

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

1e90f1070a36b9af702e9dfe343699ad24792275f294a6711f2e02ed43722d99

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 3
content-length: 50076
x-served-by: cache-chi-kigq8000143-CHI, cache-iad-kcgs7200062-IAD
last-modified: Wed, 04 Jan 2023 20:30:52 GMT
server: nginx
x-timer: S1673538827.702333,VS0,VE0
etag: W/"63b5e1fc-387db"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 71090713-8d19-11ed-b0bb-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 wpex-mobile-menu-breakpoint-min.css
expel.com/wp-content/themes/Total/assets/css/ 2 KB
987 B 132ms
120ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/Total/assets/css/wpex-mobile-menu-breakpoint-min.css?ver=5.0.6

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

87dc5e63d855136c519f10d5bfb4b9b8932735683a6e74bcd53166b147908cb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-vrgr5
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601233
x-cache: MISS, HIT
x-cache-hits: 0, 2
content-length: 501
x-served-by: cache-chi-kigq8000145-CHI, cache-iad-kjyo7100062-IAD
last-modified: Wed, 04 Jan 2023 20:30:52 GMT
server: nginx
x-timer: S1673538827.624499,VS0,VE0
etag: W/"63b5e1fc-642"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 7144c3e8-8d19-11ed-ad9a-426a1a3dbfaf
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 wpex-wpbakery.css
expel.com/wp-content/themes/Total/assets/css/ 19 KB
5 KB 159ms
146ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/Total/assets/css/wpex-wpbakery.css?ver=5.0.6

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

3a5e42cacc441ab88f1dbe643ab56ecf6f171395d3fa2f764a4c4d9fa02a8c17

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601233
x-cache: MISS, HIT
x-cache-hits: 0, 2
content-length: 4272
x-served-by: cache-chi-kigq8000066-CHI, cache-iad-kjyo7100155-IAD
last-modified: Wed, 04 Jan 2023 20:30:49 GMT
server: nginx
x-timer: S1673538827.644843,VS0,VE0
etag: W/"63b5e1f9-4b39"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 710d908e-8d19-11ed-b0bb-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 ticons.min.css
expel.com/wp-content/themes/Total/assets/lib/ticons/css/ 31 KB
8 KB 70ms
57ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/Total/assets/lib/ticons/css/ticons.min.css?ver=5.0.6

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

d9d4364a78ad8a1ae488d29d893bd7e6a5ded7b6b65e1243988b3cccb5adbea1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-xlw6w
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 2
content-length: 7603
x-served-by: cache-chi-kigq8000032-CHI, cache-iad-kiad7000064-IAD
last-modified: Wed, 04 Jan 2023 20:30:58 GMT
server: nginx
x-timer: S1673538827.597704,VS0,VE0
etag: W/"63b5e202-7de7"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 710a8cab-8d19-11ed-8228-4ae8a6fe8aaa
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 vcex-shortcodes.css
expel.com/wp-content/themes/Total/assets/css/ 20 KB
5 KB 165ms
153ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/Total/assets/css/vcex-shortcodes.css?ver=5.0.6

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

90a016938d98920d1b22ffa5f36d3ba6796b5ebe6858e6b5bdc1cddc872cf174

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-n7fzk
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601233
x-cache: MISS, HIT
x-cache-hits: 0, 3
content-length: 4752
x-served-by: cache-chi-kigq8000094-CHI, cache-iad-kjyo7100062-IAD
last-modified: Wed, 04 Jan 2023 20:30:49 GMT
server: nginx
x-timer: S1673538827.699672,VS0,VE0
etag: W/"63b5e1f9-4e4c"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 710fd0bf-8d19-11ed-8fa0-b273b68972c5
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 nouislider.min.css
expel.com/wp-content/themes/expel-2017/css/ 4 KB
2 KB 205ms
194ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/expel-2017/css/nouislider.min.css?ver=5.0.6

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f67e6e877653955ae2e03ac006607f2bbd01953cb5e8954116b165211befe54f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-n7fzk
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: HIT, HIT
x-cache-hits: 1, 2
content-length: 1361
x-served-by: cache-chi-kigq8000082-CHI, cache-iad-kjyo7100142-IAD
last-modified: Wed, 04 Jan 2023 20:30:52 GMT
server: nginx
x-timer: S1673538827.712693,VS0,VE0
etag: W/"63b5e1fc-10c7"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 7114bfef-8d19-11ed-8fa0-b273b68972c5
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 main.prod.css
expel.com/wp-content/themes/expel-2017/css/ 229 KB
46 KB 192ms
181ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/expel-2017/css/main.prod.css?ver=1673389130

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c707eabfdf3115ceaf0e76697e5f7ce0511660692c64474e436a21a0e4067823

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-cg5nm
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 149648
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-length: 46613
x-served-by: cache-chi-klot8100050-CHI, cache-iad-kiad7000064-IAD
last-modified: Tue, 10 Jan 2023 22:18:48 GMT
server: nginx
x-timer: S1673538827.705717,VS0,VE5
etag: W/"63bde448-39426"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: dee18429-9134-11ed-a449-b6138f069fe8
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 11 Jan 2024 22:19:38 GMT

GET
H2 200 custom.css
expel.com/wp-content/themes/expel-2017/css/ 11 KB
3 KB 161ms
150ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/expel-2017/css/custom.css?ver=1673389130

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

67dd30b016796a0f97e39c2aff3a730cbae742cce659ffbcd1c4518cdc8309e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 149648
x-cache: MISS, HIT
x-cache-hits: 0, 2
content-length: 2683
x-served-by: cache-chi-kigq8000048-CHI, cache-iad-kjyo7100062-IAD
last-modified: Tue, 10 Jan 2023 22:18:50 GMT
server: nginx
x-timer: S1673538827.690939,VS0,VE0
etag: W/"63bde44a-2c34"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: df1d6601-9134-11ed-a60c-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 11 Jan 2024 22:19:38 GMT

GET
H2 200 jquery-1.12.4-wp.js Show response
expel.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery/ 95 KB
39 KB 190ms
179ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-m5ff9
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-length: 39394
x-served-by: cache-chi-klot8100086-CHI, cache-iad-kjyo7100102-IAD
last-modified: Wed, 04 Jan 2023 20:30:47 GMT
server: nginx
x-timer: S1673538827.703671,VS0,VE2
etag: W/"63b5e1f7-17a56"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 71193f1c-8d19-11ed-bd83-ae00ccc1d246
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 owl.carousel2-min.js Show response
expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/js/min/ 42 KB
13 KB 179ms
169ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/js/min/owl.carousel2-min.js?ver=1.3.3

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c81c74d2c9334e65184b3bdca580494dac18d247b598415b37c89e83411a65be

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-cg5nm
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 201305
x-cache: MISS, HIT
x-cache-hits: 0, 4
content-length: 13136
x-served-by: cache-chi-kigq8000049-CHI, cache-iad-kcgs7200062-IAD
last-modified: Sun, 08 Jan 2023 06:09:51 GMT
server: nginx
x-timer: S1673538827.706621,VS0,VE0
etag: W/"63ba5e2f-a767"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 992e6772-90bc-11ed-a449-b6138f069fe8
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 11 Jan 2024 07:58:41 GMT

GET
H2 200 script-min.js Show response
expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/js/min/ 44 KB
14 KB 165ms
155ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/carousel-anything-for-vc/carousel-anything/js/min/script-min.js?ver=1.12

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

faaef704fadda205ac958aae44d2ec7fd73576fecb4d21e1b6cccf8d5c031b62

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 5
content-length: 13806
x-served-by: cache-chi-kigq8000067-CHI, cache-iad-kcgs7200096-IAD
last-modified: Wed, 04 Jan 2023 20:30:47 GMT
server: nginx
x-timer: S1673538827.701084,VS0,VE0
etag: W/"63b5e1f7-ae44"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 711f36a4-8d19-11ed-b0bb-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:12 GMT

GET
H2 200 core.min.js Show response
expel.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/ 4 KB
2 KB 203ms
193ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/core.min.js?ver=1.11.4-wp

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

46e6f42a22054a793841935920cbbc723856e339fead50fa33c1f1bb3ec5a251

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-9fs28
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 203053
x-cache: MISS, HIT
x-cache-hits: 0, 7
content-length: 1906
x-served-by: cache-chi-klot8100156-CHI, cache-iad-kjyo7100155-IAD
last-modified: Sun, 08 Jan 2023 11:41:21 GMT
server: nginx
x-timer: S1673538827.712853,VS0,VE0
etag: W/"63baabe1-f5b"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 87805857-90b8-11ed-9a48-160f20372db7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 11 Jan 2024 07:29:34 GMT

GET
H2 200 widget.min.js Show response
expel.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/ 7 KB
3 KB 162ms
152ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/widget.min.js?ver=1.11.4-wp

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

2cd83d5a29914ad4797748d8e80fbc42c2131fbce9bbcdf2749a275fc7db875f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-n7fzk
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601233
x-cache: MISS, HIT
x-cache-hits: 0, 2
content-length: 2801
x-served-by: cache-chi-kigq8000108-CHI, cache-iad-kcgs7200062-IAD
last-modified: Wed, 04 Jan 2023 20:30:57 GMT
server: nginx
x-timer: S1673538827.697689,VS0,VE0
etag: W/"63b5e201-1ab6"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 712210bc-8d19-11ed-8fa0-b273b68972c5
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 mouse.min.js Show response
expel.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/ 3 KB
2 KB 165ms
155ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/mouse.min.js?ver=1.11.4-wp

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c04837b935b6d1fac0cbffc4a53bf19a6d89029742dbc4c8ad001c1078f5f957

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-xlw6w
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601233
x-cache: MISS, HIT
x-cache-hits: 0, 3
content-length: 1097
x-served-by: cache-chi-klot8100138-CHI, cache-iad-kjyo7100062-IAD
last-modified: Wed, 04 Jan 2023 20:30:50 GMT
server: nginx
x-timer: S1673538827.701543,VS0,VE0
etag: W/"63b5e1fa-c46"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 7128810d-8d19-11ed-8228-4ae8a6fe8aaa
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 sortable.min.js Show response
expel.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/ 24 KB
8 KB 201ms
192ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/sortable.min.js?ver=1.11.4-wp

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

29c9837d879a61c89343a4961a24baec69825d8fb1da68bdaa329869596455c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-tv7cf
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601233
x-cache: MISS, HIT
x-cache-hits: 0, 2
content-length: 7653
x-served-by: cache-chi-kigq8000083-CHI, cache-iad-kjyo7100102-IAD
last-modified: Wed, 04 Jan 2023 20:30:50 GMT
server: nginx
x-timer: S1673538827.711717,VS0,VE0
etag: W/"63b5e1fa-613b"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 712b3a6a-8d19-11ed-bde3-6e2c7af024c2
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 resizable.min.js Show response
expel.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/ 18 KB
7 KB 186ms
178ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/enable-jquery-migrate-helper/js/jquery-ui/resizable.min.js?ver=1.11.4-wp

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c92c6a06a05ebbc74655d4d596a2e169f97f1ad070ee073e4024106654441a7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-h648z
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-length: 6163
x-served-by: cache-chi-kigq8000164-CHI, cache-iad-kjyo7100021-IAD
last-modified: Wed, 04 Jan 2023 20:30:57 GMT
server: nginx
x-timer: S1673538827.706343,VS0,VE1
etag: W/"63b5e201-47e3"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 712c2c46-8d19-11ed-9009-42e98ed4f124
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 acf.min.js Show response
expel.com/wp-content/plugins/advanced-custom-fields-pro/assets/build/js/ 28 KB
11 KB 159ms
151ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/advanced-custom-fields-pro/assets/build/js/acf.min.js?ver=6.0.3

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

7c84228ed9fda37b1a705d323bf1a6b1ed68d1adf2a4e3cdf5d6fb4d654bae07

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-88lxb
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 2
content-length: 10508
x-served-by: cache-chi-klot8100093-CHI, cache-iad-kcgs7200096-IAD
last-modified: Wed, 04 Jan 2023 20:30:50 GMT
server: nginx
x-timer: S1673538827.699321,VS0,VE0
etag: W/"63b5e1fa-709e"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 712c08c9-8d19-11ed-9319-066420eea61e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 acf-input.min.js Show response
expel.com/wp-content/plugins/advanced-custom-fields-pro/assets/build/js/ 99 KB
34 KB 202ms
195ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/advanced-custom-fields-pro/assets/build/js/acf-input.min.js?ver=6.0.3

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f0fa9763374400318fbbb9ede5deeaf318f8423a2dd52c1f66303f95bd7db097

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-vrgr5
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-length: 33871
x-served-by: cache-chi-kigq8000103-CHI, cache-iad-kjyo7100102-IAD
last-modified: Wed, 04 Jan 2023 20:30:50 GMT
server: nginx
x-timer: S1673538827.714198,VS0,VE1
etag: W/"63b5e1fa-18a85"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 712df2c4-8d19-11ed-ad9a-426a1a3dbfaf
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 input_conditional_taxonomy.js Show response
expel.com/wp-content/plugins/ACF-Conditional-Taxonomy-Rules/includes/ 1 KB
1 KB 174ms
166ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/ACF-Conditional-Taxonomy-Rules/includes/input_conditional_taxonomy.js?ver=3.0.0

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

d4a29d779cb19d3ac85c2178ce96d30e9cd647d68d9b6eccd0613dfc51798668

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-xlw6w
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-length: 621
x-served-by: cache-chi-kigq8000064-CHI, cache-iad-kiad7000064-IAD
last-modified: Wed, 04 Jan 2023 20:30:56 GMT
server: nginx
x-timer: S1673538827.702139,VS0,VE2
etag: W/"63b5e200-578"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 712f6103-8d19-11ed-8228-4ae8a6fe8aaa
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 wp-quicklatex-frontend.js Show response
expel.com/wp-content/plugins/wp-quicklatex/js/ 619 B
953 B 157ms
150ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/wp-quicklatex/js/wp-quicklatex-frontend.js?ver=1.0

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e7b9e73338554c8f9cc6dc934fc765f21b7f12b42c3908b07347dfb5fb90f165

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-fnq5l
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601233
x-cache: MISS, HIT
x-cache-hits: 0, 6
content-length: 456
x-served-by: cache-chi-klot8100119-CHI, cache-iad-kcgs7200096-IAD
last-modified: Wed, 04 Jan 2023 20:30:49 GMT
server: nginx
x-timer: S1673538827.694280,VS0,VE0
etag: W/"63b5e1f9-26b"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 71342c50-8d19-11ed-ab2b-1af7c874c338
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 expel-io-logo-dark-registered.svg
expel.com/wp-content/uploads/2018/08/ 3 KB
2 KB 39ms
36ms Image
image/svg+xml 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://expel.com/wp-content/uploads/2018/08/expel-io-logo-dark-registered.svg

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

83024b4d50640c765fd212f5c6d5a6a57a2146088b005381868849db10dffcb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-n6np2
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601233
x-cache: HIT, HIT
expires: Sun, 31 Dec 2023 15:49:18 GMT
content-length: 1429
x-served-by: cache-chi-kigq8000156-CHI, cache-iad-kcgs7200062-IAD
last-modified: Tue, 23 Mar 2021 17:35:59 GMT
server: nginx
x-timer: S1673538827.046492,VS0,VE0
etag: W/"605a26ff-cb0"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 84f2ff09-8859-11ed-b845-76522580b6ac
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 1, 2

GET
H2 200 ticons-webfont.woff2
expel.com/wp-content/themes/Total/assets/lib/ticons/fonts/ 75 KB
76 KB 178ms
172ms Font
font/woff2 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/Total/assets/lib/ticons/fonts/ticons-webfont.woff2

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Origin: https://expel.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

expires: Sat, 06 Jan 2024 16:53:36 GMT
date: Thu, 12 Jan 2023 15:53:46 GMT
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 1, 6
age: 601210
x-cache: HIT, HIT
content-length: 77160
x-served-by: cache-chi-kigq8000157-CHI, cache-iad-kjyo7100155-IAD
last-modified: Wed, 04 Jan 2023 20:30:58 GMT
server: nginx
x-timer: S1673538827.698917,VS0,VE0
etag: "63b5e202-12d68"
content-type: font/woff2
access-control-allow-origin: *
x-styx-req-id: 7f31bcb3-8d19-11ed-b0bb-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57

GET
H2 200 stars
www.g2.com/products/expel/widgets/ 19 KB
21 KB 208ms
141ms Image
image/png 2606:4700::6812:6494
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.g2.com/products/expel/widgets/stars?color=white&type=reviews

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6494 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

335232b6561e0fbf8142961ab04844d975fb1f4ba7ea1e0535557897da8ce364

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src * 'self' .g2crowd.com .g2.com; frame-src * 'self' .g2crowd.com .g2.com; font-src * data: 'self' .g2crowd.com .g2.com; form-action * 'self' .g2crowd.com .g2.com; img-src * data: blob: 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src * blob: 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' .g2crowd.com .g2.com; style-src * 'unsafe-inline' 'self' .g2crowd.com .g2.com; worker-src * blob: 'self' .g2crowd.com .g2.com; frame-ancestors *
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src * 'self' *.g2crowd.com *.g2.com; frame-src * 'self' *.g2crowd.com *.g2.com; font-src * data: 'self' *.g2crowd.com *.g2.com; form-action * 'self' *.g2crowd.com *.g2.com; img-src * data: blob: 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src * blob: 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' *.g2crowd.com *.g2.com; style-src * 'unsafe-inline' 'self' *.g2crowd.com *.g2.com; worker-src * blob: 'self' *.g2crowd.com *.g2.com; frame-ancestors *
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-transfer-encoding: binary
content-disposition: inline; filename="white-9.png"; filename*=UTF-8''white-9.png
x-xss-protection: 1; mode=block
x-request-id: f8c49a90-f324-4fbf-a10b-ad433a354b8e
x-runtime: 0.031344
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 11 Jan 2023 22:30:19 GMT
server: cloudflare
etag: W/"83459ef69e451018b064b5d4a74e47d4"
x-download-options: noopen
vary: Origin,Accept-Encoding
content-type: image/png
we_are_hiring: https://company.g2.com/careers/open-positions
cache-control: max-age=0, private, must-revalidate
cf-ray: 7887112559220ce9-EWR

GET
H2 200 BPTW-logo-68.png
expel.com/wp-content/uploads/2021/07/ 8 KB
8 KB 39ms
37ms Image
image/png 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://expel.com/wp-content/uploads/2021/07/BPTW-logo-68.png

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f4f74bbad66d7e96390d25c5ea46cdb64d0570401582563d22c937abf0806805

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

expires: Thu, 14 Dec 2023 20:56:27 GMT
date: Thu, 12 Jan 2023 15:53:47 GMT
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 1, 1
age: 601231
x-cache: HIT, HIT
content-length: 8140
x-served-by: cache-chi-kigq8000171-CHI, cache-iad-kiad7000064-IAD
last-modified: Tue, 06 Jul 2021 16:53:28 GMT
server: nginx
x-timer: S1673538827.046129,VS0,VE1
etag: "60e48a88-1fcc"
content-type: image/png
x-styx-req-id: 9cc55f2c-7b28-11ed-83fa-4eeb17cc5945
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe2-b-749969788b-jxnwn

GET
H2 200 iso27001_seal_grey_webversion_150x50px_png.png
expel.com/wp-content/uploads/2018/08/ 21 KB
21 KB 44ms
42ms Image
image/png 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://expel.com/wp-content/uploads/2018/08/iso27001_seal_grey_webversion_150x50px_png.png

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

36c40f30897f929bafd68f5c638380ee88232a849f986fa2988c704449e606ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

expires: Thu, 14 Dec 2023 20:56:27 GMT
date: Thu, 12 Jan 2023 15:53:47 GMT
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 1, 8
age: 601231
x-cache: HIT, HIT
content-length: 21434
x-served-by: cache-chi-kigq8000168-CHI, cache-iad-kjyo7100155-IAD
last-modified: Tue, 23 Mar 2021 17:35:59 GMT
server: nginx
x-timer: S1673538827.049094,VS0,VE1
etag: "605a26ff-53ba"
content-type: image/png
x-styx-req-id: 9cc44d30-7b28-11ed-a8e4-021c735fba4a
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe2-b-749969788b-dskhz

GET
H2 200 aicpa-soc-68.png
expel.com/wp-content/uploads/2021/07/ 8 KB
8 KB 46ms
44ms Image
image/png 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://expel.com/wp-content/uploads/2021/07/aicpa-soc-68.png

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

9ee70b9597985abb196354f055937f16643e8d32fb6c4ec6e2adb9e7bd0b540b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

expires: Wed, 06 Dec 2023 19:10:18 GMT
date: Thu, 12 Jan 2023 15:53:47 GMT
strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 2, 1
age: 601231
x-cache: HIT, HIT
content-length: 8097
x-served-by: cache-chi-kigq8000115-CHI, cache-iad-kcgs7200062-IAD
last-modified: Tue, 06 Jul 2021 16:53:30 GMT
server: nginx
x-timer: S1673538827.048921,VS0,VE2
etag: "60e48a8a-1fa1"
content-type: image/png
x-styx-req-id: 74f29981-74d0-11ed-830d-122badd39cc0
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe2-a-86d8b58f4d-x2x9k

GET
H2 200 hoverIntent.min.js Show response
expel.com/wp-content/themes/Total/assets/js/core/ 1 KB
1 KB 33ms
32ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/Total/assets/js/core/hoverIntent.min.js?ver=1.10.1

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

5575d22bbb7b326cdea46415b913ef2cb88cbe286e14256aac8ae7505f51a833

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 145258
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-length: 702
x-served-by: cache-chi-kigq8000094-CHI, cache-iad-kjyo7100021-IAD
last-modified: Tue, 10 Jan 2023 22:18:50 GMT
server: nginx
x-timer: S1673538827.781416,VS0,VE1
etag: W/"63bde44a-5db"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 17bbcdea-913f-11ed-a60c-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 11 Jan 2024 23:32:48 GMT

GET
H2 200 supersubs.min.js Show response
expel.com/wp-content/themes/Total/assets/js/core/ 866 B
985 B 45ms
44ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/Total/assets/js/core/supersubs.min.js?ver=0.3b

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

36c44093111f86bfb1d1c9ad9b13b4c3aab6ded96c5feca3fc797ae554bfb217

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-m5ff9
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-length: 490
x-served-by: cache-chi-klot8100153-CHI, cache-iad-kcgs7200096-IAD
last-modified: Wed, 04 Jan 2023 20:30:58 GMT
server: nginx
x-timer: S1673538827.824986,VS0,VE2
etag: W/"63b5e202-362"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 713880ba-8d19-11ed-bd83-ae00ccc1d246
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 superfish.min.js Show response
expel.com/wp-content/themes/Total/assets/js/core/ 4 KB
2 KB 32ms
31ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/Total/assets/js/core/superfish.min.js?ver=1.7.4

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

49833d4630b9210a068354f7b8cb192d76b5b66086874772f84e819a7b691276

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-xlw6w
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 5
content-length: 1662
x-served-by: cache-chi-klot8100104-CHI, cache-iad-kjyo7100155-IAD
last-modified: Wed, 04 Jan 2023 20:30:49 GMT
server: nginx
x-timer: S1673538827.865965,VS0,VE0
etag: W/"63b5e1f9-ebf"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 713a3391-8d19-11ed-8228-4ae8a6fe8aaa
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 jquery.easing.min.js Show response
expel.com/wp-content/themes/Total/assets/js/core/ 2 KB
1 KB 34ms
33ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/Total/assets/js/core/jquery.easing.min.js?ver=1.3.2

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

73fdb1dca6065de3e0bd723ec44423a863bf28475a359de802fa7a6e9fc4633e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-9fs28
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 806
x-served-by: cache-chi-kigq8000130-CHI, cache-iad-kjyo7100021-IAD
last-modified: Wed, 04 Jan 2023 20:30:58 GMT
server: nginx
x-timer: S1673538827.878119,VS0,VE1
etag: W/"63b5e202-8f9"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 713ee7ff-8d19-11ed-bf03-160f20372db7
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 total.min.js Show response
expel.com/wp-content/themes/Total/assets/js/ 41 KB
14 KB 30ms
30ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/Total/assets/js/total.min.js?ver=5.0.6

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

47713a2c5569c4ef644b68e23faac6b2402321213d8997757fb354710528f307

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-xlw6w
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 5
content-length: 13506
x-served-by: cache-chi-kigq8000109-CHI, cache-iad-kcgs7200096-IAD
last-modified: Wed, 04 Jan 2023 20:30:49 GMT
server: nginx
x-timer: S1673538827.912344,VS0,VE0
etag: W/"63b5e1f9-a5c4"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 7141ab84-8d19-11ed-8228-4ae8a6fe8aaa
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 ivory-search.min.js Show response
expel.com/wp-content/plugins/add-search-to-menu/public/js/ 4 KB
2 KB 30ms
30ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js?ver=5.4.10

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b0fadf75681475e975bd2bdaceac6c08e8f5ef06f9a1c7fe9f3f7a571f5bc935

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-xlw6w
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 9
content-length: 1356
x-served-by: cache-chi-kigq8000028-CHI, cache-iad-kjyo7100155-IAD
last-modified: Wed, 04 Jan 2023 20:30:47 GMT
server: nginx
x-timer: S1673538827.945497,VS0,VE0
etag: W/"63b5e1f7-11ef"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 7142b7ff-8d19-11ed-8228-4ae8a6fe8aaa
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 slick.js Show response
expel.com/wp-content/themes/expel-2017/js/libs/ 87 KB
20 KB 32ms
32ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/expel-2017/js/libs/slick.js?ver=1

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

0aaa4cf927b0e3631cffbe62f6786810aa65348483cd950e49f634a0881b16b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-88lxb
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 19990
x-served-by: cache-chi-kigq8000150-CHI, cache-iad-kjyo7100021-IAD
last-modified: Wed, 04 Jan 2023 20:30:50 GMT
server: nginx
x-timer: S1673538827.978189,VS0,VE1
etag: W/"63b5e1fa-15b7b"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 714690c6-8d19-11ed-9319-066420eea61e
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 isotope.pkgd.min.js Show response
expel.com/wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/ 35 KB
12 KB 30ms
30ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/isotope.pkgd.min.js?ver=6.6.0

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f31914cfde2f16e02ab4d628bb4174d58c9486f153e9ed4d39b1650fc09dd15a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57
date: Thu, 12 Jan 2023 15:53:46 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: HIT, HIT
x-cache-hits: 2, 6
content-length: 11978
x-served-by: cache-chi-klot8100175-CHI, cache-iad-kcgs7200096-IAD
last-modified: Wed, 04 Jan 2023 20:30:57 GMT
server: nginx
x-timer: S1673538827.986311,VS0,VE0
etag: W/"63b5e201-8b8a"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 7145af79-8d19-11ed-b0bb-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 bundle.prod.js Show response
expel.com/wp-content/themes/expel-2017/js/ 233 KB
81 KB 37ms
34ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/expel-2017/js/bundle.prod.js?ver=1673389130

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

6c85779799bcae6814743b55143e79953fbcbf096e805fe7c68e754b45629e74

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-cg5nm
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 149649
x-cache: MISS, HIT
x-cache-hits: 0, 4
content-length: 82199
x-served-by: cache-chi-klot8100112-CHI, cache-iad-kjyo7100155-IAD
last-modified: Tue, 10 Jan 2023 22:18:49 GMT
server: nginx
x-timer: S1673538827.045563,VS0,VE1
etag: W/"63bde449-3a465"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: df209ed4-9134-11ed-a449-b6138f069fe8
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 11 Jan 2024 22:19:38 GMT

GET
H2 200 custom.js Show response
expel.com/wp-content/themes/expel-2017/js/ 673 B
809 B 41ms
38ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/expel-2017/js/custom.js?ver=1673389130

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

6d0e24692c4413806e776a723a628f61a358836b7b67d413d04b0dd9a34dec4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 149648
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-length: 314
x-served-by: cache-chi-klot8100027-CHI, cache-iad-kjyo7100021-IAD
last-modified: Tue, 10 Jan 2023 22:18:50 GMT
server: nginx
x-timer: S1673538827.046302,VS0,VE2
etag: W/"63bde44a-2a1"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: df3e47d0-9134-11ed-a60c-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 11 Jan 2024 22:19:38 GMT

GET
H2 200 vcex-shortcodes.min.js Show response
expel.com/wp-content/plugins/total-theme-core/inc/vcex/assets/js/ 3 KB
2 KB 42ms
39ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/total-theme-core/inc/vcex/assets/js/vcex-shortcodes.min.js?ver=1.2.10

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

26520a5d469fc4fa344a2a02d173ee9d8c5cff774f79b22ff7d9630497e64ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-vrgr5
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 191890
x-cache: MISS, HIT
x-cache-hits: 0, 4
content-length: 1250
x-served-by: cache-chi-kigq8000093-CHI, cache-iad-kcgs7200096-IAD
last-modified: Sun, 08 Jan 2023 07:44:39 GMT
server: nginx
x-timer: S1673538827.047490,VS0,VE0
etag: W/"63ba7467-b1c"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 8588dd29-90d2-11ed-b2ac-426a1a3dbfaf
cache-control: max-age=31622400
accept-ranges: bytes
expires: Thu, 11 Jan 2024 10:35:37 GMT

GET
H2 200 js_composer_front.min.js Show response
expel.com/wp-content/plugins/js_composer/assets/js/dist/ 20 KB
7 KB 42ms
39ms Script
application/x-javascript 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.6.0

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

314ce6baaa3218eb171fa2c278d7fdf1b9872305dfa667e9cbf2df77c83a9a88

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601234
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-length: 6634
x-served-by: cache-chi-kigq8000110-CHI, cache-iad-kcgs7200063-IAD
last-modified: Wed, 04 Jan 2023 20:30:57 GMT
server: nginx
x-timer: S1673538827.046695,VS0,VE2
etag: W/"63b5e201-509d"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 714feeea-8d19-11ed-b0bb-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:13 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 301 KB
93 KB 102ms
51ms Script
application/javascript 2607:f8b0:4006:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N547FHV

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

81850589818a7e93ccbe04ddffa6aa6a4f3ab268f6a2a10a9b47b97d8d383294

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94357
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 15:53:47 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 31 KB
10 KB 108ms
19ms Script
application/javascript 23.4.230.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.4.230.40 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-230-40.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

eea93734d5f0032479fa252394415d53cbcd4e7bd6d54764543eaa8b7c9fd10c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 01 Dec 2022 20:20:43 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63890c9b-7ad6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 10143
expires: Thu, 12 Jan 2023 15:53:47 GMT

GET
H2 200 wpex-mobile-menu-breakpoint-max.css
expel.com/wp-content/themes/Total/assets/css/ 898 B
800 B 43ms
41ms Stylesheet
text/css 54.156.130.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://expel.com/wp-content/themes/Total/assets/css/wpex-mobile-menu-breakpoint-max.css?ver=5.0.6

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.130.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-130-60.compute-1.amazonaws.com

Software

nginx /

Resource Hash

79960bf70a9d0360c03fc4e01f3a57cd49c67f0ce53329d4df510401046b65c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=300
age: 601231
x-cache: MISS, HIT
x-cache-hits: 0, 2
content-length: 317
x-served-by: cache-chi-kigq8000024-CHI, cache-iad-kiad7000064-IAD
last-modified: Wed, 04 Jan 2023 20:30:52 GMT
server: nginx
x-timer: S1673538827.049228,VS0,VE0
etag: W/"63b5e1fc-382"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 73065127-8d19-11ed-b0bb-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
expires: Sat, 06 Jan 2024 16:53:16 GMT

GET
H2 200 lct5azo.css
use.typekit.net/ 6 KB
1 KB 109ms
30ms Stylesheet
text/css 2600:141b:13::17d7:8279
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/lct5azo.css

Requested by

Host: expel.com
URL: https://expel.com/wp-content/themes/expel-2017/css/main.prod.css?ver=1673389130

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:8279 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

cdf8baf4a9dad883aa772cce20533f07ae9651c61b16145ec2f6df816ff59fbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Thu, 12 Jan 2023 15:53:46 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 967

GET
H2 200 p.css
p.typekit.net/ 5 B
181 B 108ms
19ms Stylesheet
text/css 2600:141b:13::17d7:8252
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=lct5azo&ht=tk&f=171.172.173.174.175.176.5474.5475.25136.25137.5200&a=765319&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/lct5azo.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:8252 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:46 GMT
last-modified: Thu, 28 Jul 2022 21:30:08 GMT
server: nginx
etag: "62e2ffe0-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 l
use.typekit.net/af/219c30/00000000000000003b9b0389/27/ 19 KB
19 KB 76ms
21ms Font
application/font-woff2 2600:141b:13::17d7:8279
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/219c30/00000000000000003b9b0389/27/l?subset_id=2&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/lct5azo.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:8279 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 50bfd91bb65762023b74efba030d3212fef8f6261707ba8edb9e4b28d13bb5ed

Request headers

Referer: https://use.typekit.net/lct5azo.css
Origin: https://expel.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
server: nginx
etag: "7c243ed5f8437a6687e49316f96967fcfd3feb05"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19160

GET
H2 200 rating_schema.json Show response
www.g2.com/products/expel/ 302 B
2 KB 209ms
171ms Fetch
application/json 2606:4700::6812:6494
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.g2.com/products/expel/rating_schema.json

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6494 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b45849258801d8c7f52a8440b625bc6d5f7382052813afcb081bb2486e84882

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src * 'self' .g2crowd.com .g2.com; frame-src * 'self' .g2crowd.com .g2.com; font-src * data: 'self' .g2crowd.com .g2.com; form-action * 'self' .g2crowd.com .g2.com; img-src * data: blob: 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src * blob: 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' .g2crowd.com .g2.com; style-src * 'unsafe-inline' 'self' .g2crowd.com .g2.com; worker-src * blob: 'self' .g2crowd.com .g2.com; frame-ancestors *
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src * 'self' *.g2crowd.com *.g2.com; frame-src * 'self' *.g2crowd.com *.g2.com; font-src * data: 'self' *.g2crowd.com *.g2.com; form-action * 'self' *.g2crowd.com *.g2.com; img-src * data: blob: 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src * blob: 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src * 'unsafe-inline' 'unsafe-eval' 'self' *.g2crowd.com *.g2.com; style-src * 'unsafe-inline' 'self' *.g2crowd.com *.g2.com; worker-src * blob: 'self' *.g2crowd.com *.g2.com; frame-ancestors *
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: b9f83808-8102-45a2-82e4-df870f69dc87
x-runtime: 0.056854
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"0b45849258801d8c7f52a8440b625bc6"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-expose-headers
we_are_hiring: https://company.g2.com/careers/open-positions
cache-control: max-age=0, private, must-revalidate
content-type: application/json; charset=utf-8
vary: Origin,Accept-Encoding
cf-ray: 788711253d29ecee-YUL

GET
H2 200 l
use.typekit.net/af/329083/00000000000000003b9b04ff/27/ 17 KB
17 KB 68ms
40ms Font
application/font-woff2 2600:141b:13::17d7:8279
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/329083/00000000000000003b9b04ff/27/l?subset_id=2&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/lct5azo.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:8279 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: ee623088efef15d6dfbcb15db1698428a516ed52362ff3643cff0577a4f6b26c

Request headers

Referer: https://use.typekit.net/lct5azo.css
Origin: https://expel.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
server: nginx
etag: "b26e8805dda22618793ce8af46f3989811d10025"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 17120

GET
H2 200 l
use.typekit.net/af/77eeb5/00000000000000003b9b038b/27/ 19 KB
19 KB 50ms
22ms Font
application/font-woff2 2600:141b:13::17d7:8279
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/77eeb5/00000000000000003b9b038b/27/l?subset_id=2&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/lct5azo.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:8279 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1e73c80146f80f959b8145882f2ffe28ede116eedcdab05b07f197f8fac54f01

Request headers

Referer: https://use.typekit.net/lct5azo.css
Origin: https://expel.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
server: nginx
etag: "18fb8b1665cf28d1620dea9d12b4e58d798da256"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19648

GET
H2 200 l
use.typekit.net/af/ed2fe5/00000000000000003b9b0387/27/ 19 KB
19 KB 51ms
23ms Font
application/font-woff2 2600:141b:13::17d7:8279
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/ed2fe5/00000000000000003b9b0387/27/l?subset_id=2&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/lct5azo.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:8279 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: add54347c552dee400f4da9399415a8a5dc6c7000647219699ef7cf137d7bd3b

Request headers

Referer: https://use.typekit.net/lct5azo.css
Origin: https://expel.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
server: nginx
etag: "827740685bdd76953c6decc23337cc1cd68e9bc9"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19208

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
327 B 19ms
18ms Image
image/gif 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=26ea3c5b8ff04845ad721ccb31cdef18&_biz_s=7056db&_biz_l=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&_biz_t=1673538826660&_biz_i=Page%20not%20found%20-%20Expel&_biz_n=0&rnd=651127&cdn_o=a&_biz_z=1673538827119
Requested by: Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.2.76 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D07) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 15:53:47 GMT
last-modified: Sun, 08 Jan 2023 13:19:12 GMT
server: ECS (nyb/1D07)
age: 354875
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
202 B 20ms
19ms Image
image/gif 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=26ea3c5b8ff04845ad721ccb31cdef18&_biz_s=7056db&_biz_l=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&_biz_t=1673538827122&_biz_i=Page%20not%20found%20-%20Expel&rnd=38812&cdn_o=a&_biz_z=1673538827122
Requested by: Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.2.76 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D33) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 15:53:47 GMT
last-modified: Sun, 08 Jan 2023 20:10:05 GMT
server: ECS (nyb/1D33)
age: 330222
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 186069134d483966274921a88b225458ba56902314f389b82e27a65735650cf1

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 l
use.typekit.net/af/8e11d4/00000000000000003b9b038c/27/ 19 KB
19 KB 20ms
20ms Font
application/font-woff2 2600:141b:13::17d7:8279
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/8e11d4/00000000000000003b9b038c/27/l?subset_id=2&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/lct5azo.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:8279 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 62c0466b6e78094d8bb9b9fb50f13f3eb39e3be88dce7663ecfbcabde18b64bc

Request headers

Referer: https://use.typekit.net/lct5azo.css
Origin: https://expel.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
server: nginx
etag: "50fb462bb968fa8996b7f205254cfa92e534ea41"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19600

GET
H2 200 l
use.typekit.net/af/6a07dc/00000000000000003b9b0385/27/ 18 KB
19 KB 22ms
22ms Font
application/font-woff2 2600:141b:13::17d7:8279
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/6a07dc/00000000000000003b9b0385/27/l?subset_id=2&fvd=n1&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/lct5azo.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:8279 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 85ecfdf8c0b9326d81efc9756ae9fbbb770b43085e7936e7a00459ec83a46864

Request headers

Referer: https://use.typekit.net/lct5azo.css
Origin: https://expel.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
server: nginx
etag: "ae1237a7cbfd55358713640735901db99804f4a1"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 18744

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
419 B 54ms
54ms Script
text/javascript 152.199.2.76
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=26ea3c5b8ff04845ad721ccb31cdef18&_biz_h=-1906410348&cdn_o=a&jsVer=4.22.11.28
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.2.76 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D31) /
Resource Hash: 4638e49c50d5847ec06ec24064ee9c5746248370e0c476d74f85deb9c7fe5df1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type: text/javascript; charset=utf-8
date: Thu, 12 Jan 2023 15:53:46 GMT
cache-control: private, must-revalidate, max-age=21600
server: ECS (nyb/1D31)
etag: D31300E5
content-length: 116
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
813 B 62ms
19ms XHR
application/json 68.67.179.164
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.164 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 12 Jan 2023 15:53:47 GMT
AN-X-Request-Uuid: 015400ff-fa85-4d6d-a9ab-83ed1ff7e4d3
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://expel.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.183; 149.56.153.183; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
198 B 33ms
21ms XHR
text/html 23.4.230.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.4.230.40 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-4-230-40.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://expel.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
251 B 93ms
25ms XHR
text/html 2600:1400:d:5a1::1c91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:d:5a1::1c91 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: a4f562534e62ae4287bbb482954c259b1089bba05611d0bbb06d48811c9125b1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 15:53:47 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://expel.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2607:5300:60:7867::3
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 20
expires: Thu, 12 Jan 2023 15:53:47 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 68ms
20ms Script
application/javascript 199.232.36.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N547FHV
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.36.157 New York, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 15:55:14 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100040-IAD, cache-lga21967-LGA

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 113ms
62ms Script
application/x-javascript 104.102.141.31
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.141.31 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-141-31.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 15:53:47 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Sep 2022 01:18:39 GMT
Server: AkamaiNetStorage
ETag: "92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 728

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 24 KB
8 KB 70ms
29ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N547FHV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d277a90920d78efa3d6e473d67240beb26100591c7b02a34bd444aa78ee5d5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: WdCEPqU1pnnoNr/cT9hHyQ==
age: 54799
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 8053
x-ms-lease-status: unlocked
last-modified: Wed, 11 Jan 2023 13:31:24 GMT
server: cloudflare
etag: 0x8DAF3D822886150
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 0860bd8b-001e-0030-2a1a-2682cc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7887112689b07138-YUL

GET
H2 200 hotjar-3182238.js Show response
static.hotjar.com/c/ 8 KB
4 KB 437ms
161ms Script
application/javascript 18.66.2.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3182238.js?sv=6

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.2.60 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-2-60.txl50.r.cloudfront.net

Software

Resource Hash

75f4587475a23f3b854ec671a1b2fecfdffdf39b0e4d385613b28a6ffaf7980c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 34b1c34c66934433754744fce7e1a402.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P1
etag: W/34f9355f6442303f282f4d2a12035a5d
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: 4M5h7C70KV2Ciz-3rrDEDa9He1DovZosJB1mRdlh9GqqeCz959-LqA==

GET
H/1.1 200
OK pixel.js Show response
origin.acuityplatform.com/event/v2/ 2 KB
3 KB 149ms
41ms Script
application/javascript 104.95.194.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://origin.acuityplatform.com/event/v2/pixel.js
Requested by: Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.95.194.74 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-95-194-74.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 /
Resource Hash: 89cf66cb9de8da20fc15e9953845dd4d1de2c0fb465c827a09d818449222c533

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 15:53:47 GMT
Last-Modified: Wed, 04 Jan 2023 18:57:40 GMT
Server: nginx/1.14.0
ETag: "63b5cc24-978"
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2424

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 89ms
42ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 12 Jan 2023 15:53:46 GMT
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0E4A57BE80EB4454B18B4FAA7A479B9D Ref B: YTO01EDGE0512 Ref C: 2023-01-12T15:53:47Z
etag: "027e538cd8d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11460

GET
H/1.1

200
OK

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1585696&t=2
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1585696%26t%3D2

43 B
1 KB

21ms
21ms

Image
image/gif

68.67.179.164
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1585696%26t%3D2

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

HTTP/1.1

Server

68.67.179.164 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 12 Jan 2023 15:53:47 GMT
AN-X-Request-Uuid: 7e355a49-25f7-41eb-a09e-1c8c446a389c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.183; 149.56.153.183; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 12 Jan 2023 15:53:47 GMT
AN-X-Request-Uuid: 9b3dd963-39b8-4684-92e6-2cbaad20bd8f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1585696%26t%3D2
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 149.56.153.183; 149.56.153.183; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://ib.adnxs.com/seg?add=30064804
https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D30064804

43 B
1 KB

20ms
20ms

Image
image/gif

68.67.181.211
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D30064804

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

HTTP/1.1

Server

68.67.181.211 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 12 Jan 2023 15:53:47 GMT
AN-X-Request-Uuid: 2bbd79ba-cd36-4883-9e76-9b321b36303a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 149.56.153.183; 149.56.153.183; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Date: Thu, 12 Jan 2023 15:53:47 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.183; 149.56.153.183; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 70c53471-a229-41e0-bc9e-a6c8dfd2dfd1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D30064804
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 49ms
38ms Image
image/gif 23.4.230.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=c034b40350882a982492eba99c257c99&svisitor=null&visitor=90820963-f62c-44d0-8100-24f0272c0b8c&session=94fdd8d6-977a-4d3b-86e3-5d9e2a855d20&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A47%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Expel%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&pageViewId=31a13c6d-9844-4021-85f0-d0685cd16dc6&an_uid=0

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.4.230.40 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-230-40.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 39ms
39ms Image
image/gif 23.4.230.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=c034b40350882a982492eba99c257c99&svisitor=null&visitor=90820963-f62c-44d0-8100-24f0272c0b8c&session=94fdd8d6-977a-4d3b-86e3-5d9e2a855d20&event=ipv6&q=%7B%22address%22%3A%222607%3A5300%3A60%3A7867%3A%3A3%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Expel%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&pageViewId=31a13c6d-9844-4021-85f0-d0685cd16dc6&an_uid=0

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.4.230.40 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-230-40.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
376 B 125ms
42ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=4abc43e6-93f9-45b9-90d1-99576a5d4ba9&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=526579f1-acf3-4e1b-abcf-dfd497e34841&tw_document_href=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o49af&type=javascript&version=2.3.29

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-response-time: 6
date: Thu, 12 Jan 2023 15:53:47 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 6c4076f73abb9716
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 29b911d5145a4bf703501775b6787c489a7e8fbd3c5a93e98ff736cd2ffecc15
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
392 B 149ms
47ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=4abc43e6-93f9-45b9-90d1-99576a5d4ba9&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=526579f1-acf3-4e1b-abcf-dfd497e34841&tw_document_href=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o49af&type=javascript&version=2.3.29

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-response-time: 5
date: Thu, 12 Jan 2023 15:53:47 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: cfc21f9e367f6259
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: d78b641a9349cc3950c5207dc4a9f6aa6e99b104e24d9778e8dad92b0c2eed38
content-length: 43

GET
H2 200 61efe77d-0697-4da3-8555-fc009a8276d8.json Show response
cdn.cookielaw.org/consent/61efe77d-0697-4da3-8555-fc009a8276d8/ 3 KB
2 KB 77ms
36ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/61efe77d-0697-4da3-8555-fc009a8276d8/61efe77d-0697-4da3-8555-fc009a8276d8.json

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf555841b32a535d140aef673345cf1edf3d546f77691fcf35eb9dfa6465df23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ZmA/ufekD9Bg48edCzVLvA==
age: 35999
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1329
x-ms-lease-status: unlocked
last-modified: Fri, 04 Mar 2022 19:13:53 GMT
server: cloudflare
etag: 0x8D9FE131F2DDCD2
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e6400c91-001e-005d-151b-5328e2000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 788711273ba6e6f0-EWR
expires: Fri, 13 Jan 2023 15:53:47 GMT

GET
H2 200 etuCapturev0-06.min.js Show response
info.expel.com/rs/986-VWL-068/images/ 7 KB
2 KB 145ms
62ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.expel.com/rs/986-VWL-068/images/etuCapturev0-06.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N547FHV

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3a5bb8fdec7d6c686e33952e5dcf921125fd7c7242dc94f7fe569686d8e6ae8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 15 Oct 2022 02:21:20 GMT
server: cloudflare
etag: "2e622dd-1cc3-5eb0965e9a2dd"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 7887112789d9a250-YYZ
content-length: 1938
expires: Thu, 12 Jan 2023 15:54:47 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/162/ 11 KB
6 KB 141ms
141ms Script
application/x-javascript 104.102.141.31
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/162/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.141.31 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-141-31.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 15:53:47 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4677
Expires: Sat, 22 Apr 2023 15:53:47 GMT

GET
H2 200 343009800.js Show response
bat.bing.com/p/action/ 3 KB
2 KB 63ms
63ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/343009800.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

813b0556df0bd4936d3dc4a84028c978c6336b94991581b42cc5c1b1da5fe932

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 12 Jan 2023 15:53:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B1835B5D7DD0403683D45A5A9C8063AB Ref B: YTO01EDGE0512 Ref C: 2023-01-12T15:53:47Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
content-length: 1447

GET
H2 204 0
bat.bing.com/action/ 0
177 B 35ms
35ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=343009800&Ver=2&mid=cd57ed40-d4a2-4182-b484-17f118ee2812&sid=4cbacbc0929111eda2fd87bc4549ca18&vid=4cbadc20929111ed9fbb6932f1da5660&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Page%20not%20found%20-%20Expel&p=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&r=&lt=842&evt=pageLoad&sv=1&rn=717374

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 12 Jan 2023 15:53:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BCF480E6CB26431EB3E9C8CB8825130C Ref B: YTO01EDGE0512 Ref C: 2023-01-12T15:53:47Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pj Show response
e.acuityplatform.com/ 1 KB
2 KB 113ms
42ms Script
text/javascript 69.90.254.51
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: https://e.acuityplatform.com/pj?pk=7342847280863116369&pu=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&pixelKey=7342847280863116369
Requested by: Host: origin.acuityplatform.com
URL: https://origin.acuityplatform.com/event/v2/pixel.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.90.254.51 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: /
Resource Hash: 5e6e56f773b85521397bc97ab14645ce1736bffb0ed27b1d061bbee65a54e74b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Content-Length: 1152
Content-Type: text/javascript

GET
H2 200 343009800 Show response
www.clarity.ms/tag/uet/ 854 B
1 KB 179ms
47ms Script
application/x-javascript 2620:1ec:48:1::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/343009800
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/343009800.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:48:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 11b2985d72eda998187ab63f3e94950916e8856c659ee09af9780e59a37718ca

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type: application/x-javascript
date: Thu, 12 Jan 2023 15:53:47 GMT
cache-control: no-cache, no-store
expires: -1
x-azure-ref: 0Cy3AYwAAAAAWhHe8qmr0S4vUUNRuS/QbWVRPMjIxMDkwODE4MDUxADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
307 B 89ms
48ms XHR
application/json 2606:4700::6812:1a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1a55 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

18d1b370b94460a4cc0b6b03ac81cda1aba4db285000f52bc8e0f4b16d77c813

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://expel.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 78871127bcf07157-YUL
access-control-allow-headers: Content-Type

POST
H/1.1 200
OK visitWebPage
986-vwl-068.mktoresp.com/webevents/ 2 B
318 B 134ms
32ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://986-vwl-068.mktoresp.com/webevents/visitWebPage?_mchNc=1673538827499&_mchCn=&_mchId=986-VWL-068&_mchTk=_mch-expel.com-1673538827498-76697&_mchHo=expel.com&_mchPo=&_mchRu=%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%22%2C%22https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 15:53:47 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: ba0f6634-d1ea-410f-b4b1-2e7f690add72

GET
H2 200 etuSubmitv0-06.min.js Show response
info.expel.com/rs/986-VWL-068/images/ 931 B
522 B 73ms
73ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.expel.com/rs/986-VWL-068/images/etuSubmitv0-06.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N547FHV

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4431e8fb419838f86862275f088a0079b15ee6612d8ca2285b403f45c713dff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 15 Oct 2022 02:19:41 GMT
server: cloudflare
etag: "941092-3a3-5eb096008873b"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 78871127fa9fa250-YYZ
content-length: 403
expires: Thu, 12 Jan 2023 15:54:47 GMT

GET
H/1.1

204
No Content

sum
ums.acuityplatform.com/
Redirect Chain

https://tags.bluekai.com/site/37592?id=123456&limit=0&redir=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D49%26auid%3D731126500571%26uid%3D%24_BK_UUID
https://ums.acuityplatform.com/sum?umid=49&auid=731126500571&uid=$_BK_UUID

0
27 B

28ms
27ms

Image
text/plain

69.90.254.78
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/sum?umid=49&auid=731126500571&uid=$_BK_UUID
Requested by: Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Protocol: HTTP/1.1
Server: 69.90.254.78 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Redirect headers

location: https://ums.acuityplatform.com/sum?umid=49&auid=731126500571&uid=$_BK_UUID
date: Thu, 12 Jan 2023 15:53:47 GMT
content-length: 0
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55950/
Redirect Chain

https://pixel.advertising.com/ups/55950/sync?uid=731126500571&_origin=1
https://ups.analytics.yahoo.com/ups/55950/sync?uid=731126500571&_origin=1
https://ups.analytics.yahoo.com/ups/55950/sync?uid=731126500571&_origin=1&verify=true

0
121 B

30ms
29ms

Image
text/plain

54.175.87.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55950/sync?uid=731126500571&_origin=1&verify=true

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Server

54.175.87.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-175-87-114.compute-1.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55950/sync?uid=731126500571&_origin=1&verify=true
date: Thu, 12 Jan 2023 15:53:47 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

bidswitch.gif
sync.admanmedia.com/
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=236&user_id=731126500571&expires=30&user_group=1
https://x.bidswitch.net/ul_cb/sync?dsp_id=236&user_id=731126500571&expires=30&user_group=1
https://sync.admanmedia.com/bidswitch.gif?puid=fb26a8e9-ade5-4e59-a33d-47cd1913b823&redir=[RED]

42 B
431 B

70ms
21ms

Image
image/gif

8.2.110.24
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.admanmedia.com/bidswitch.gif?puid=fb26a8e9-ade5-4e59-a33d-47cd1913b823&redir=[RED]
Requested by: Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Protocol: HTTP/1.1
Server: 8.2.110.24 , United States, ASN46636 (NATCOWEB, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 12 Jan 2023 15:53:47 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Expires: 0

Redirect headers

Location: //sync.admanmedia.com/bidswitch.gif?puid=fb26a8e9-ade5-4e59-a33d-47cd1913b823&redir=[RED]
Date: Thu, 12 Jan 2023 15:53:47 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1

204
No Content

sum
ums.acuityplatform.com/
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3150&partner_device_id=731126500571&partner_url=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D64%26auid%3D731126500571%26uid%3D%24%7BTA_DE...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3150&partner_device_id=731126500571&partner_url=https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D64%26auid%3D731126500571%26uid%3D%24%7...
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3c796518-d4e8-4c60-960d-8176506e9075%252Chttps%25253A%25252F%25252Fums.acuityplatform.com%25252Fsum%25253Fumid%25253D64%2...
https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3c796518-d4e8-4c60-960d-8176506e9075%252Chttps%25253A%25252F%25252Fums.acuityplatform.com%25252Fsum%25253Fumid%25253D64%2...
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=81982044-ad55-428e-a2be-34d8ffd25a81&ttd_puid=3c796518-d4e8-4c60-960d-8176506e9075%2Chttps%253A%252F%252Fums.acuityplatfo...
https://ums.acuityplatform.com/sum?umid=64&auid=731126500571&uid=3c796518-d4e8-4c60-960d-8176506e9075

0
958 B

29ms
29ms

Image
text/plain

69.90.254.78
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/sum?umid=64&auid=731126500571&uid=3c796518-d4e8-4c60-960d-8176506e9075
Requested by: Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Protocol: HTTP/1.1
Server: 69.90.254.78 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Acuity-UserID
X-Acuity-UserID: 731129868340

Redirect headers

date: Thu, 12 Jan 2023 15:53:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://ums.acuityplatform.com/sum?umid=64&auid=731126500571&uid=3c796518-d4e8-4c60-960d-8176506e9075
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK tap.php
pixel.rubiconproject.com/ 42 B
755 B 113ms
26ms Image
image/gif 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=5672&nid=2082&put=731126500571&expires=30
Requested by: Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: e1bddfc34a927e97bda010c0d8a62b62
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

sum
ums.acuityplatform.com/
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fums.acuityplatform.com%2Fsum%3Fumid%3D10%26auid%3D731126500571%26uid%3D%24UID
https://ums.acuityplatform.com/sum?umid=10&auid=731126500571&uid=7650527735594355052

0
867 B

95ms
30ms

Image
text/plain

69.90.254.78
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/sum?umid=10&auid=731126500571&uid=7650527735594355052
Requested by: Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Protocol: HTTP/1.1
Server: 69.90.254.78 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Acuity-UserID
X-Acuity-UserID: 731129868119

Redirect headers

Date: Thu, 12 Jan 2023 15:53:47 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.183; 149.56.153.183; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a93e0b1a-f400-43ae-bca5-540c1c697273
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://ums.acuityplatform.com/sum?umid=10&auid=731126500571&uid=7650527735594355052
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.31.0/ 334 KB
79 KB 44ms
43ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.31.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe4946db1f133c18e59bde7de4f6e87a50d288f85ec8440451b998e0f3f17e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: D263R6OySncrpIc5uRH3nQ==
age: 57292
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 80955
x-ms-lease-status: unlocked
last-modified: Fri, 11 Mar 2022 07:14:24 GMT
server: cloudflare
etag: 0x8DA032EC5D12B02
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 5060c5b9-801e-00c4-4dd6-49a720000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 788711280c707138-YUL

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/61efe77d-0697-4da3-8555-fc009a8276d8/c2d696dc-9f9a-4825-a49c-1f5641c67fb5/ 49 KB
12 KB 74ms
73ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/61efe77d-0697-4da3-8555-fc009a8276d8/c2d696dc-9f9a-4825-a49c-1f5641c67fb5/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.31.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d72a62b81fae1240c4fb77955b1f095a14c8f4e457332b938fe1dd22df812ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: vDCfCHKBJwRufoP+vi6ujQ==
age: 35674
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12125
x-ms-lease-status: unlocked
last-modified: Fri, 04 Mar 2022 19:13:53 GMT
server: cloudflare
etag: 0x8D9FE131F8FEC13
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 6f1fd9b2-301e-005e-2632-5a2be5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 788711287cf0e6f0-EWR
expires: Fri, 13 Jan 2023 15:53:47 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/eus2-d/s/0.7.1/ 55 KB
19 KB 20ms
20ms Script
application/javascript 2620:1ec:48:1::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus2-d/s/0.7.1/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/343009800
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:48:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: da5186fe0bb5dd59e7ece6ee7efac70c31755611e385fa423585572cb9628fcf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 01fW/YwAAAAC3nbNRQM6oSKDw7NghooXETU5aMjIxMDYwNjExMDQ3ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
etag: "1d9162aa06b059e"
x-azure-ref: 0Cy3AYwAAAABkR6GVh0kbTIdQFdGt70RuWVRPMjIxMDkwODE4MDUxADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: TCP_HIT
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 77ms
21ms Script
application/x-javascript 2600:1400:d::6878:d2aa
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N547FHV
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:d::6878:d2aa New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=74498
accept-ranges: bytes
content-length: 4777

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 70ms
19ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N547FHV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 12 Jan 2023 14:44:02 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 4185
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Thu, 12 Jan 2023 16:44:02 GMT

GET
H2 200 2zss23ghfhu7.js Show response
js.driftt.com/include/1673538900000/ 211 KB
60 KB 174ms
54ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1673538900000/2zss23ghfhu7.js

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bd5d20116afec87d67cb7a5218b2c1788a3dfb9a97b8f2f6b0a50485cc65bd1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-version-id: 4lVbSfuh7p1c.Qn557b7pYxzdaEuR0.t
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Thu, 12 Jan 2023 15:53:47 GMT
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 23
last-modified: Wed, 11 Jan 2023 19:29:36 GMT
server: istio-envoy
etag: W/"201b2d6c6fb2670b8dc5d778c15d016c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mNduCx4znQcCNzGxnM3Dc6nLJ0kJNI-UOwOgsCq6Ff05ThzapTXg0A==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
76 KB 49ms
46ms Script
application/javascript 2607:f8b0:4006:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8DE31SMF5B&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N547FHV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8d75ed8be54171bb3c05d76b034b951db965c74f04fa9d3e1b9189c0767ecc07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77948
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 12 Jan 2023 15:53:47 GMT

GET
H2 200 otFloatingRoundedCorner.json Show response
cdn.cookielaw.org/scripttemplates/6.31.0/assets/ 10 KB
3 KB 32ms
31ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.31.0/assets/otFloatingRoundedCorner.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.31.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b65d01fc7528ea948471c674a1da19229a4f0859fe1b1b171e3b59a7b86b230

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: S6utKXPS7v00rqdtO2Y2fg==
age: 45134
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2566
x-ms-lease-status: unlocked
last-modified: Fri, 11 Mar 2022 07:14:15 GMT
server: cloudflare
etag: 0x8DA032EC00442F6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 356011ce-501e-0067-681b-536b41000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 788711293d9ae6f0-EWR

GET
H2 200 otPcPopup.json Show response
cdn.cookielaw.org/scripttemplates/6.31.0/assets/ 58 KB
14 KB 38ms
37ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.31.0/assets/otPcPopup.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.31.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

627f94c1d1598f85da3742af706137daf93218b87e8c5e99ee01c0ce027c8ccf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 12 Jan 2023 15:53:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: uUHeN+5c9i8bfszoz4UWPQ==
age: 35884
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14010
x-ms-lease-status: unlocked
last-modified: Fri, 11 Mar 2022 07:14:15 GMT
server: cloudflare
etag: 0x8DA032EC061BEB3
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f1b8adf6-e01e-00df-7b1b-5389b2000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 788711293d9ce6f0-EWR

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.31.0/assets/ 21 KB
4 KB 32ms
32ms Fetch
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.31.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.31.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42da203fcc4325bd58c8c868e9213def8ca9b8d58e79d68e86c0fd8a5744e72d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 12 Jan 2023 15:53:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: 2HSefDmVwJneRQMu6SXIPw==
age: 25292
x-ms-lease-status: unlocked
last-modified: Fri, 11 Mar 2022 07:14:31 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 877f6bdd-401e-009d-6983-55a2a6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 788711293d9de6f0-EWR

GET
H2 200 modules.0a5831f9446624640839.js Show response
script.hotjar.com/ 264 KB
68 KB 73ms
22ms Script
application/javascript 18.164.96.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.0a5831f9446624640839.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3182238.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.96.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-96-77.jfk50.r.cloudfront.net

Software

Resource Hash

70713cff7a74460b7252af840d785a7d6cb0c63c2b1d44227ecda6601a2264ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 12:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 241db89625f6ef70a00b0e19e0cfc332.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P5
age: 12221
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 68992
last-modified: Thu, 12 Jan 2023 12:29:16 GMT
etag: "c190d47cd0259bc45c4cf36c6c1a261a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: mMV--oqDsmoylVbDO4N78XR7SXbr1wrrF5JMnLS1nEY89yT6b4VBlw==

POST
H2 204 collect Show response
j.clarity.ms/ 0
161 B 159ms
71ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://expel.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-origin: https://expel.com
date: Thu, 12 Jan 2023 15:53:47 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
vary: Origin
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 box-5e66f98b4ee957db209dc6f63e3d59dd.html Show response
vars.hotjar.com/ Frame 668C 2 KB
1 KB 68ms
18ms Document
text/html 13.225.214.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3182238.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.214.60 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-214-60.ewr50.r.cloudfront.net

Software

Resource Hash

cbffce6f8642619af7ed7335e32750f7f2933765d32c113115da0710aa7deadc

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://expel.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1235296
cache-control: max-age=31536000
content-encoding: br
content-length: 1035
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 29 Dec 2022 08:45:31 GMT
etag: "e0652b84b7b3b650769c759fc520c3f8"
last-modified: Thu, 22 Dec 2022 08:06:23 GMT
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
via: 1.1 04d5f6961d9b76b97c908d8ed9816378.cloudfront.net (CloudFront)
x-amz-cf-id: F2yJIwl5kRWC2TIeY2wYGy9NxjEzy5IrXWh7czQpo-8vr9QIoZ4n4A==
x-amz-cf-pop: EWR50-C1
x-cache: Hit from cloudfront
x-robots-tag: none

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/174905/domain/expel.com/ 36 B
378 B 386ms
122ms XHR
application/json 2600:9000:225f:ac00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/174905/domain/expel.com/token
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225f:ac00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://expel.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 13:12:51 GMT
content-encoding: gzip
via: 1.1 21b1cb66a6f688e3b4ce88f7c515f844.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P2
age: 9657
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=30306
x-amz-cf-id: 2psj-jNqSxFuv6y5SPxVEjEMVgH1NkjknpxPRY7SBHTOyAsyAqDsJg==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=174905&time=1673538827845&url=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fa...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=174905&time=1673538827845&url=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fa...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D174905%26time%3D1673538827845%26url%3Dhttps%253A%252F%252Fexpel.com%252Fblog%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=174905&time=1673538827845&url=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fa...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=174905&time=1673538827845&url=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2F...

0
490 B

144ms
98ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=174905&time=1673538827845&url=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&cookiesTest=true&liSync=true&e_ipv6=AQJHoD8MMnkEkgAAAYWmr_faF3qHHl65fwupYgO0LQFmeOSVnfZXgPdVfqixSq9NJu4HvzPu
Requested by: Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:47 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 30CC32DDFC18495481136ECDC3C88B4C Ref B: YTO01EDGE0522 Ref C: 2023-01-12T15:53:48Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXyEx9iJngZdBmPF8ZJcQ==

Redirect headers

date: Thu, 12 Jan 2023 15:53:47 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 93FAACF4EA654533914D075819B86839 Ref B: YTO01EDGE0513 Ref C: 2023-01-12T15:53:48Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=174905&time=1673538827845&url=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&cookiesTest=true&liSync=true&e_ipv6=AQJHoD8MMnkEkgAAAYWmr_faF3qHHl65fwupYgO0LQFmeOSVnfZXgPdVfqixSq9NJu4HvzPu
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXyEx9gCMgAWEEWy9Nqcw==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
203 B 35ms
34ms XHR
text/plain 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1728952037&t=pageview&_s=1&dl=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&ul=en-us&de=UTF-8&dt=Page%20not%20found%20-%20Expel&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=128766552&gjid=2139406909&cid=1361497721.1673538828&tid=UA-97464802-1&_gid=1159946574.1673538828&_r=1&gtm=2wg1a1N547FHV&cd1=null&cd2=null&z=1715241909

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://expel.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 15:53:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://expel.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 35ms
35ms Ping
text/plain 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-8DE31SMF5B&gtm=2oe1a1&_p=1728952037&cid=1361497721.1673538828&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1673538827&sct=1&seg=0&dl=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&dt=Page%20not%20found%20-%20Expel&en=page_view&_fv=1&_ss=1&up.post_category=null&up.post_date=null
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8DE31SMF5B&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 15:53:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://expel.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
438 B 90ms
34ms XHR
text/plain 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-97464802-1&cid=1361497721.1673538828&jid=128766552&gjid=2139406909&_gid=1159946574.1673538828&_u=YEBAAEAAAAAAACAAI~&z=1966095641

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://expel.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 12 Jan 2023 15:53:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://expel.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/3182238/ 147 B
322 B 332ms
104ms XHR
application/json 3.248.94.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/3182238/visit-data?sv=6
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.94.213 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-94-213.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d5c1ad551c121bee3ab5ec67df650f929a74368057152d6c09a12c6df0651dc6

Request headers

Referer: https://expel.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Thu, 12 Jan 2023 15:53:48 GMT
content-encoding: br
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 91ms
42ms Image
image/gif 2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-97464802-1&cid=1361497721.1673538828&jid=128766552&_u=YEBAAEAAAAAAACAAI~&z=1354752691

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 15:53:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
501 B 88ms
38ms Image
image/gif 2607:f8b0:4006:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-97464802-1&cid=1361497721.1673538828&jid=128766552&_u=YEBAAEAAAAAAACAAI~&z=1354752691

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 15:53:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 41ms
41ms Image
image/gif 23.4.230.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=c034b40350882a982492eba99c257c99&svisitor=null&visitor=90820963-f62c-44d0-8100-24f0272c0b8c&session=94fdd8d6-977a-4d3b-86e3-5d9e2a855d20&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A47%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Expel%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&pageViewId=31a13c6d-9844-4021-85f0-d0685cd16dc6&an_uid=0

Requested by

Host: expel.com
URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.4.230.40 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-230-40.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:48 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 / Show response
content.hotjar.io/ 56 B
161 B 743ms
199ms XHR
application/json 18.203.123.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.203.123.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-123-105.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: bb76ca3944701fe2ed3d16abda18917b4b5d4e2f25cce44d48ca385570fd7a5d

Request headers

Referer: https://expel.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 12 Jan 2023 15:53:49 GMT
content-length: 56
vary: Origin
content-type: application/json

GET
H2 200 core Show response
js.driftt.com/ Frame EA15 2 KB
1 KB 37ms
36ms Document
text/html 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1673538900000/2zss23ghfhu7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

505aa4df244336566460d944283a0c809bf8c5291bbf73381b2af539495bf14e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://expel.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 12 Jan 2023 15:53:48 GMT
etag: W/"18d8f6ef85eb49ac8151ab87569bd747"
last-modified: Wed, 11 Jan 2023 19:29:27 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-id: eqtnUlbgTwMj4_DvxxropNXXhjdBv4pFhl7ZQbU5p_0B9g3Ad2iTOw==
x-amz-cf-pop: JFK51-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: TxMmMvXkuDzOVOXa7FsSAcr3nUNGGVVM
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 19

GET
H2 200 chat Show response
js.driftt.com/core/ Frame 9712 2 KB
1 KB 41ms
41ms Document
text/html 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1673538900000/2zss23ghfhu7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

505aa4df244336566460d944283a0c809bf8c5291bbf73381b2af539495bf14e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://expel.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 12 Jan 2023 15:53:48 GMT
etag: W/"18d8f6ef85eb49ac8151ab87569bd747"
last-modified: Wed, 11 Jan 2023 19:29:27 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-id: 1B6RNDvU0edsLPhkhr6V1PnDK7QBlrLSRBDb0v9-5SOTy5_aFdPWIw==
x-amz-cf-pop: JFK51-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: TxMmMvXkuDzOVOXa7FsSAcr3nUNGGVVM
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 17

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=663333A311C549A1999C259E3F9BA600&RedC=c.clarity.ms&MXFR=132DE44405226D931C32F6D3012263EB
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=663333A311C549A1999C259E3F9BA600&MUID=30BC3A9CDDBA6CAC3E0E280BDC106D2A

42 B
468 B

31ms
31ms

Image
image/gif

20.110.81.91
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=663333A311C549A1999C259E3F9BA600&MUID=30BC3A9CDDBA6CAC3E0E280BDC106D2A
Protocol: H2
Server: 20.110.81.91 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 15:53:48 GMT
last-modified: Thu, 05 Jan 2023 17:36:49 GMT
server: Microsoft-IIS/10.0
etag: "fee4664a2c21d91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 12 Jan 2023 15:53:47 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FE8B8099D4964588835978F4EDAB6A43 Ref B: YTO01EDGE0512 Ref C: 2023-01-12T15:53:48Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=663333A311C549A1999C259E3F9BA600&MUID=30BC3A9CDDBA6CAC3E0E280BDC106D2A
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 20ms
20ms Image
image/gif 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1728952037&t=event&ni=1&_s=1&dl=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&ul=en-us&de=UTF-8&dt=Page%20not%20found%20-%20Expel&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=scroll&ea=25&el=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&_u=aEDAAEABAAAAACAAI~&jid=&gjid=&cid=1361497721.1673538828&tid=UA-97464802-1&_gid=1159946574.1673538828&gtm=2wg1a1N547FHV&z=1228886156

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Jan 2023 18:07:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 78378
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
20ms Image
image/gif 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1728952037&t=event&ni=1&_s=1&dl=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&ul=en-us&de=UTF-8&dt=Page%20not%20found%20-%20Expel&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=scroll&ea=50&el=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&_u=aEDAAEABAAAAACAAI~&jid=&gjid=&cid=1361497721.1673538828&tid=UA-97464802-1&_gid=1159946574.1673538828&gtm=2wg1a1N547FHV&z=1389979137

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Jan 2023 18:07:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 78378
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 22ms
21ms Image
image/gif 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1728952037&t=event&ni=1&_s=1&dl=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&ul=en-us&de=UTF-8&dt=Page%20not%20found%20-%20Expel&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=scroll&ea=75&el=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&_u=aEDAAEABAAAAACAAI~&jid=&gjid=&cid=1361497721.1673538828&tid=UA-97464802-1&_gid=1159946574.1673538828&gtm=2wg1a1N547FHV&z=1388182978

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Jan 2023 18:07:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 78378
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 22ms
21ms Image
image/gif 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1728952037&t=event&ni=1&_s=1&dl=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&ul=en-us&de=UTF-8&dt=Page%20not%20found%20-%20Expel&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=scroll&ea=90&el=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&_u=aEDAAEABAAAAACAAI~&jid=&gjid=&cid=1361497721.1673538828&tid=UA-97464802-1&_gid=1159946574.1673538828&gtm=2wg1a1N547FHV&z=1110241845

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Jan 2023 18:07:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 78378
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 22ms
22ms Image
image/gif 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1728952037&t=event&ni=1&_s=1&dl=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&ul=en-us&de=UTF-8&dt=Page%20not%20found%20-%20Expel&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=scroll&ea=100&el=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&_u=aEDAAEABAAAAACAAI~&jid=&gjid=&cid=1361497721.1673538828&tid=UA-97464802-1&_gid=1159946574.1673538828&gtm=2wg1a1N547FHV&z=833460464

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Jan 2023 18:07:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 78378
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runtime~main.c34580eb.js Show response
js.driftt.com/core/assets/js/ Frame EA15 6 KB
3 KB 20ms
19ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0f7e256b2f20fccf75b28217b8364411c86632a9cdb5e75fb7b9ce390981051

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
Origin: https://js.driftt.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 19:29:26 GMT
x-amz-version-id: HozJCKDpz3AdNtSFm.G8pdI8au0H8nGR
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 73462
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 31
last-modified: Wed, 11 Jan 2023 18:48:23 GMT
server: istio-envoy
etag: W/"8890682ab31ca411960a3975ffbaaf63"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ph8p4Bseqmz9FEkRv4XFO77v708tahlLdsQz_Rx_spiS0ghm1zH7zQ==

GET
H2 200 8.611ead2e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 35 KB
35 KB 21ms
21ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.611ead2e.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7fe9c49bb2fa7df0e7f30f29e2cf5dc5856a6a94e24020cd71b15806418e2509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
Origin: https://js.driftt.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 09:22:54 GMT
x-amz-version-id: Jedj9f2Us1_YhaBJ3dKl7bpmFCp241Bv
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 3911454
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
content-length: 35552
last-modified: Tue, 22 Nov 2022 15:50:00 GMT
server: istio-envoy
etag: "6aa29962f34a8e117268142c7cc1cc3d"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dEZu17z_uX2M1ePdlm9FayocACOZpvNRyTLBVymxbNTxx_X1NATw5g==

GET
H2 200 main~493df0b3.e2d828bd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 7 KB
3 KB 24ms
24ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.e2d828bd.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b4cfcb4d356ea5804502849bcafd4dfeb016947ea9a5f3702a2dc18faebe8d54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
Origin: https://js.driftt.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 19:30:38 GMT
x-amz-version-id: 0CxYsVv4tZV7Qym_evYrbycNxORRuiRp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3874990
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Mon, 28 Nov 2022 18:58:55 GMT
server: istio-envoy
etag: W/"6e6f5840c8530be7b3929519b0020404"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: g9gE59yKfbOXZ4EMxaVBQzqW3rF6PRDzXMTp_Mx3XEfRSfyFCq-bzg==

GET
H2 200 runtime~main.c34580eb.js Show response
js.driftt.com/core/assets/js/ Frame 9712 6 KB
3 KB 19ms
19ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0f7e256b2f20fccf75b28217b8364411c86632a9cdb5e75fb7b9ce390981051

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
Origin: https://js.driftt.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 19:29:26 GMT
x-amz-version-id: HozJCKDpz3AdNtSFm.G8pdI8au0H8nGR
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 73462
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 31
last-modified: Wed, 11 Jan 2023 18:48:23 GMT
server: istio-envoy
etag: W/"8890682ab31ca411960a3975ffbaaf63"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wrzdrG6mWcLxU308oYBjCm0JW2pcbb2Cs5pND0PE1zZ_Pdnstpd-2g==

GET
H2 200 8.611ead2e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 35 KB
35 KB 21ms
20ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.611ead2e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7fe9c49bb2fa7df0e7f30f29e2cf5dc5856a6a94e24020cd71b15806418e2509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
Origin: https://js.driftt.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 09:22:54 GMT
x-amz-version-id: Jedj9f2Us1_YhaBJ3dKl7bpmFCp241Bv
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 3911454
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
content-length: 35552
last-modified: Tue, 22 Nov 2022 15:50:00 GMT
server: istio-envoy
etag: "6aa29962f34a8e117268142c7cc1cc3d"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WcEjSwec7_z_ko1nk01jXEb9sgQDcI7uMm5xAous-k6UXRgpFgBekQ==

GET
H2 200 main~493df0b3.e2d828bd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 7 KB
3 KB 24ms
24ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.e2d828bd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b4cfcb4d356ea5804502849bcafd4dfeb016947ea9a5f3702a2dc18faebe8d54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
Origin: https://js.driftt.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 19:30:38 GMT
x-amz-version-id: 0CxYsVv4tZV7Qym_evYrbycNxORRuiRp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3874990
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Mon, 28 Nov 2022 18:58:55 GMT
server: istio-envoy
etag: W/"6e6f5840c8530be7b3929519b0020404"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Wrdz4VgQPmO2_5cp0DW1xORTWMur7j9giYFJ2AvNjd6VH70YLQAFVQ==

GET
H2 200 49.b6336d11.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 23 KB
8 KB 19ms
18ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.b6336d11.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

1cb2a3ed712d8fcfa64505237ae54ffe9f2f5d293f371f40871d830891568b88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 08:07:35 GMT
x-amz-version-id: SRmWR6_2IAVyTfdeBA3UHsUTKF9vig0O
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3224773
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 01 Dec 2022 14:26:48 GMT
server: istio-envoy
etag: W/"8004ba5ba9fc99e5c559490658a3863f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DV3X3ycgRSzdpMDvdBs-Im2kRKvVYAbZ93bKqhAi7X1RpAAqGXE1XA==

GET
H2 200 33.ae4de0a0.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 36 KB
10 KB 25ms
18ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/33.ae4de0a0.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e12404ccb0492da0a89fbda8db0ddb3c2358fcbd6d29b0c106ba840ca5f5e8ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:25:27 GMT
x-amz-version-id: C3MZvatumterNNe0ZnYdBxijPjCIwLa2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3140901
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Thu, 01 Dec 2022 14:26:48 GMT
server: istio-envoy
etag: W/"db0cd5b66c52523e10b87a0c8a2db182"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XJK47bh2LUKDc-9DB2O__CIn87Kgpp7CBd35FkZjelsvpFgPVGhJEQ==

GET
H2 200 23.60057654.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 32 KB
11 KB 26ms
19ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.60057654.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

489eb2769765657c9325f65117f5c7b87ffc4eab547622608c12c8f6fd60df1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 09:08:31 GMT
x-amz-version-id: .mgTK4aZpUWw4EUv6CcxqMdfzrOWE7Yd
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3653117
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Mon, 28 Nov 2022 20:48:10 GMT
server: istio-envoy
etag: W/"0e963aeeee70e63f5078955e6db860f3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -VXTxNYXqTTvgoZI0Ha4-MxaUAV6CLrS1v6ALD6zA2VLp0yweX8bQw==

GET
H2 200 18.2ab31195.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 17 KB
6 KB 27ms
20ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.2ab31195.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a0da3cdc4c400e5e5030c733b68bff8fddc8c4c82c2432330fa8cb858b16bd85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 06:21:15 GMT
x-amz-version-id: LFeiIGicQs2Tf1W1OVdbiqm.NtXkzyse
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 2971953
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 53
last-modified: Thu, 08 Dec 2022 20:10:50 GMT
server: istio-envoy
etag: W/"09e4a870348ecb960c5807c49bbf0c16"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kvH_wYd5QPEvXdqpjBS63WVn-z-bvOfll2xOFxTXtoqWFplNobsuJw==

GET
H2 200 40.5fa801cd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 25 KB
8 KB 28ms
20ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.5fa801cd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

759a08226cc8d5a5a89c64b7f814457ee6191384f30e4dc9cd123aaf279003fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:25:27 GMT
x-amz-version-id: NqbPooDHsv_fU65TqPp8A8pqvXaVXvTp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3140901
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Thu, 01 Dec 2022 14:26:48 GMT
server: istio-envoy
etag: W/"e7d37d5ffc01767c10d8677c65ead60b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EaeslRG5Ia5OmHQiG4mT4WExqWERPGW3gvYOkUvo_plHxPnnlZCJVg==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 74 KB
75 KB 29ms
21ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

nginx /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 09:52:17 GMT
x-amz-version-id: hlXsE28sTP5F9NJO13vh7DyAMkRgmn5S
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 5724091
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 75961
last-modified: Fri, 04 Nov 2022 15:44:32 GMT
server: nginx
etag: "6d77a76055d81227033363af2f18caf8"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aoDysVDbMahDsaUBEBS5hH6h2ZwMeDJmzLWyorPE4jN40hcHPB9FuA==

GET
H2 200 25.8f107198.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 59 KB
60 KB 33ms
26ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.8f107198.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

nginx /

Resource Hash

6c93a2e253cf1b83c4549ee38234134aa07f3b0293815375c49c9d4576986db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 29 Oct 2022 08:16:25 GMT
x-amz-version-id: LzlaU0Vnd12Cs3jxCUINybAdyqEMAn7y
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 6507443
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 60777
last-modified: Fri, 28 Oct 2022 15:57:21 GMT
server: nginx
etag: "e2511c69e5bdc03467952abaccdb5383"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WzQLje4OkL20WDq-A4ZcX8SwixDI9Bn8-YJpo1P3MrDf6-Hepd9hGA==

GET
H2 200 13.3e86f1f6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 91 KB
28 KB 42ms
35ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/13.3e86f1f6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

81e6b4ec22135fd2056e29456e32539e21876266ab0bf8438b87117f70c0f827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 10:45:08 GMT
x-amz-version-id: vaWJ0pBwkUPW2nm8FtPS36bBKgcgqhqQ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 4338520
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 46
last-modified: Tue, 22 Nov 2022 15:49:57 GMT
server: istio-envoy
etag: W/"fdee1a560ca08e3d3702e14d8f1f0b82"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: q5_BHzoU2dFXCdwpsDm9qVV2ieh9xFcrSHLCyDm1wv3P8eiW72JZ-w==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 23 KB
24 KB 42ms
37ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

nginx /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 12 Nov 2022 08:00:49 GMT
x-amz-version-id: 7y0aRuRA1Qr5ndBZyNYVrRSLQtSMw9GE
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 5298779
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 23865
last-modified: Wed, 09 Nov 2022 18:21:20 GMT
server: nginx
etag: "4049f38c00add1738dc4806148ff8829"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: M-gTDUG4pBBnPDFfw5zlR6M1jEGFkuKCzgX0SFZO3IEV5yjcErTL9A==

GET
H2 200 17.d96f5704.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 62 KB
20 KB 44ms
39ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.d96f5704.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

66bee368cd16bf0d9a64e4252953d1179f42ad9bfcae08c8abc8b46e5d304b24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 19:30:38 GMT
x-amz-version-id: sg8faa50aplh9rJp1QcZDcacOoaZ0DpV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3874990
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Mon, 28 Nov 2022 18:58:53 GMT
server: istio-envoy
etag: W/"f7132278cd8921e8f42d2d92ca6e0510"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jmLnCx7jFaCKVnc_xi8FJtLlfueRDMWECc9n-KAJAkBXAm_k0uBe1g==

GET
H2 200 47.9d4808ed.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 105 KB
106 KB 46ms
41ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/47.9d4808ed.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

nginx /

Resource Hash

20997bd3984886e845f5a5e0d036f9808a5e30051f219705ef4e6ef1ef1b0f55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 14 Nov 2022 10:22:49 GMT
x-amz-version-id: xvBOIy7p58fKwAizprCMsqSSx7.qDtW3
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 5117459
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 107348
last-modified: Wed, 09 Nov 2022 18:21:22 GMT
server: nginx
etag: "dfc66008c702c40fea0587f735010013"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QAzRQNT_m84F9y5X_6O5Rvbv1u9sRBDsR89bXz-oWmemDop_fMgV7w==

GET
H2 200 38.5941b51c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 12 KB
4 KB 53ms
48ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/38.5941b51c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

62eb2106959f57e67d6a5209dc51af437b7b61a4256fd93b1a822e4d606ef9ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 09:08:32 GMT
x-amz-version-id: vJ4l4Xhv63Wbg7qXfYNntPn3WeE7h5J0
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3653116
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Mon, 28 Nov 2022 20:48:11 GMT
server: istio-envoy
etag: W/"aa24724b97a516c589a05bc577d15db9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RRpNaTk3CR8eQt41wlQnYAq9gV92Eh1esAbljN3wshiq50breD_0eQ==

GET
H2 200 28.190877b8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 13 KB
6 KB 54ms
49ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.190877b8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d7ead427aca51c227410c4595b49b48dde8f9e76864b4f3fcb32861034b0c6a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 17 Dec 2022 07:29:46 GMT
x-amz-version-id: kg8WLhUM_2N5hVet47_Vp0rebtitYxoP
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 2276642
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 16 Dec 2022 15:20:44 GMT
server: istio-envoy
etag: W/"94c7e7cb2f40e10abeee8e28c0f68eb7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: n7pKeUujPWGC3YEv8Kl3o0pdw8xUWP9nowCoFLBfkep3ebSdMuXbEg==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 17 KB
17 KB 54ms
50ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 26 Nov 2022 11:22:50 GMT
x-amz-version-id: GgYYSuPBW6EmRXHZwe.RrXo7QCbQus8K
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 4077058
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
content-length: 17003
last-modified: Tue, 22 Nov 2022 15:49:58 GMT
server: istio-envoy
etag: "65e5c965272e021ae33ff8bc39565ef5"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -TfDOFYRqInmtSPJJhCMZ_8jRqrzMlett04bRx5aTDbJXs1W-bZwIg==

GET
H2 200 9.2f2cc2c4.chunk.css
js.driftt.com/core/assets/css/ Frame EA15 14 KB
3 KB 22ms
19ms Stylesheet
text/css 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/9.2f2cc2c4.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8ab6891019c69c729441517bed2c703ec68058f913e9fe0d9840617f89473421

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 29 Dec 2022 16:39:29 GMT
x-amz-version-id: SDOQ.STtxlQaFoH.Cb_a99fOEu_ze5wP
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 1206859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 46
last-modified: Wed, 28 Dec 2022 21:35:38 GMT
server: istio-envoy
etag: W/"dd670379de64b0621ee84574f3b8e73d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YkzojYQJMx4SDcIO4WVCjnjGIgVzPcjnT7RSoN8PAFb3_zYNNTx0oQ==

GET
H2 200 9.e91643ca.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 79 KB
25 KB 54ms
51ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.e91643ca.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c65c0caf65a36c8bb25dddac082d92dc2d2629132cfb0097a59424d7f6faf156

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 29 Dec 2022 16:39:29 GMT
x-amz-version-id: DMZ6iUyJnZcbBLBSAp.0vFH7x0h8k7o8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 1206859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 68
last-modified: Wed, 28 Dec 2022 21:35:42 GMT
server: istio-envoy
etag: W/"7a8cb644b6f002369ea2a4288f2d0116"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WeeUEMvkqqRoF0Ht5CVsIHGLnH_-eIkPgRHN7alU9l-S0YOJ9FQU1w==

GET
H2 200 15.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame EA15 24 B
695 B 55ms
51ms Stylesheet
text/css 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/15.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:53:18 GMT
x-amz-version-id: MpmP_baDi2Lp86SRq3A6CnYjltvdox.E
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 4165230
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
content-length: 24
last-modified: Tue, 22 Nov 2022 15:49:55 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gFtrjj8-kjHvdE2EKcTZsPw7GIudwIY8DU8CCDe6ecJePeueOnMA4g==

GET
H2 200 15.7414712b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 84 KB
21 KB 56ms
52ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.7414712b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

9d5478ed0fba429549dbf0f5a50df6644f21775decb625a9b448d4a02f1f4f01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 16:37:28 GMT
x-amz-version-id: M68.BHY51r7H2kRVNVH_tvCm6BkqYFgK
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 602180
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Thu, 05 Jan 2023 16:27:50 GMT
server: istio-envoy
etag: W/"b74a80d67fde5b90d066ff29b6365529"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _bFYycBgVA_uAShu-jXH2_ZZhWvLPpp5dqQRpxw9Oroxs47Cmigs4g==

GET
H2 200 24.93e21b0d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 49 KB
13 KB 57ms
53ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.93e21b0d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f5a0bb11ccb2b765a9ea803f2904919385d9d3bd0fbf565595626b0dd60cbea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 19:29:26 GMT
x-amz-version-id: q7HCMapRd3ObNq9D9kFKhsA3TPJ0X8zM
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 73462
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Wed, 11 Jan 2023 18:48:20 GMT
server: istio-envoy
etag: W/"3dcb6e81808f67d52c870f1999ba2d80"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZS-BbBOso6QPHRPyZriEChOMzkkhL6QpHp8DkNTb0s4dVQPAhGe-Kg==

GET
H2 200 16.e6a31895.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 39 KB
13 KB 58ms
54ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.e6a31895.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

941590a957107ad5194a08047e7010c59b13bbf024af936678696069dccc790f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 19:29:26 GMT
x-amz-version-id: AxZWGl0kuHR2CyUD1pVJwSVAAjIWZ_98
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 73462
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 77
last-modified: Wed, 11 Jan 2023 18:48:20 GMT
server: istio-envoy
etag: W/"7ba5580a3ef2a7af9cc6d6a5b17a7c74"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XESNjz7j7jCIX74aRc00D5fTS0UpnCxQwZ52HjO5lG5SnbUud-6SEw==

GET
H2 200 49.b6336d11.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 23 KB
8 KB 51ms
45ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.b6336d11.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

1cb2a3ed712d8fcfa64505237ae54ffe9f2f5d293f371f40871d830891568b88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 08:07:35 GMT
x-amz-version-id: SRmWR6_2IAVyTfdeBA3UHsUTKF9vig0O
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3224773
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 01 Dec 2022 14:26:48 GMT
server: istio-envoy
etag: W/"8004ba5ba9fc99e5c559490658a3863f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vVdw82Ga_FI_IJ4XdVMdMjfO95IddNd8JXL_IssxqW0vgp2-SUzkWQ==

GET
H2 200 33.ae4de0a0.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 36 KB
10 KB 54ms
47ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/33.ae4de0a0.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e12404ccb0492da0a89fbda8db0ddb3c2358fcbd6d29b0c106ba840ca5f5e8ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:25:27 GMT
x-amz-version-id: C3MZvatumterNNe0ZnYdBxijPjCIwLa2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3140901
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Thu, 01 Dec 2022 14:26:48 GMT
server: istio-envoy
etag: W/"db0cd5b66c52523e10b87a0c8a2db182"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wUVm13D86LNByYuuiCv1RCf9wMpSytCLW9xCfCfwYYT6ri3bY27bNg==

GET
H2 200 23.60057654.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 32 KB
11 KB 55ms
48ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.60057654.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

489eb2769765657c9325f65117f5c7b87ffc4eab547622608c12c8f6fd60df1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 09:08:31 GMT
x-amz-version-id: .mgTK4aZpUWw4EUv6CcxqMdfzrOWE7Yd
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3653117
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Mon, 28 Nov 2022 20:48:10 GMT
server: istio-envoy
etag: W/"0e963aeeee70e63f5078955e6db860f3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wChnX5PZ5SITWuMmmJxw8mZ6dTmsQKYhJ5x4ylLz5zpk4h0pS5R3IA==

GET
H2 200 18.2ab31195.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 17 KB
6 KB 55ms
49ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.2ab31195.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a0da3cdc4c400e5e5030c733b68bff8fddc8c4c82c2432330fa8cb858b16bd85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 06:21:15 GMT
x-amz-version-id: LFeiIGicQs2Tf1W1OVdbiqm.NtXkzyse
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 2971953
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 53
last-modified: Thu, 08 Dec 2022 20:10:50 GMT
server: istio-envoy
etag: W/"09e4a870348ecb960c5807c49bbf0c16"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: X88vA-AevTUovT-oGPihSKhe4Z7idIlvRpiplQMk_NMnEJ1j5C68Ow==

GET
H2 200 40.5fa801cd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 25 KB
8 KB 56ms
50ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.5fa801cd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

759a08226cc8d5a5a89c64b7f814457ee6191384f30e4dc9cd123aaf279003fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 07:25:27 GMT
x-amz-version-id: NqbPooDHsv_fU65TqPp8A8pqvXaVXvTp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3140901
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Thu, 01 Dec 2022 14:26:48 GMT
server: istio-envoy
etag: W/"e7d37d5ffc01767c10d8677c65ead60b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: I4owXhWAdrk52_G9cQXB_MVORlNuBBaIZc1n3e6YEOm7hwws0LzH2w==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 74 KB
75 KB 59ms
52ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

nginx /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 09:52:17 GMT
x-amz-version-id: hlXsE28sTP5F9NJO13vh7DyAMkRgmn5S
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 5724091
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 75961
last-modified: Fri, 04 Nov 2022 15:44:32 GMT
server: nginx
etag: "6d77a76055d81227033363af2f18caf8"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fJ40ceTMBbDC9LnDjvJKzQXeF1IAsX6jc9PEdN99O3CxPmat3i0FEg==

GET
H2 200 25.8f107198.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 59 KB
60 KB 60ms
54ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.8f107198.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

nginx /

Resource Hash

6c93a2e253cf1b83c4549ee38234134aa07f3b0293815375c49c9d4576986db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 29 Oct 2022 08:16:25 GMT
x-amz-version-id: LzlaU0Vnd12Cs3jxCUINybAdyqEMAn7y
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 6507443
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 60777
last-modified: Fri, 28 Oct 2022 15:57:21 GMT
server: nginx
etag: "e2511c69e5bdc03467952abaccdb5383"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 45jy33WjkwxgDGGch6eAMpuObNs-SexItBjRYzIE8SIQ7u64kUOWHg==

GET
H2 200 13.3e86f1f6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 91 KB
28 KB 61ms
56ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/13.3e86f1f6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

81e6b4ec22135fd2056e29456e32539e21876266ab0bf8438b87117f70c0f827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 10:45:08 GMT
x-amz-version-id: vaWJ0pBwkUPW2nm8FtPS36bBKgcgqhqQ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 4338520
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 46
last-modified: Tue, 22 Nov 2022 15:49:57 GMT
server: istio-envoy
etag: W/"fdee1a560ca08e3d3702e14d8f1f0b82"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HypCFiBNvlTnWSCFWfFpblqUsNP6OlBkN72uoyDDDpPoTfMpgqt5FQ==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 23 KB
24 KB 62ms
57ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

nginx /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 12 Nov 2022 08:00:49 GMT
x-amz-version-id: 7y0aRuRA1Qr5ndBZyNYVrRSLQtSMw9GE
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 5298779
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 23865
last-modified: Wed, 09 Nov 2022 18:21:20 GMT
server: nginx
etag: "4049f38c00add1738dc4806148ff8829"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 14PC6GM8oal3G9EMEL2EjAY9XrdqaVMfzt30VZAxRljJW2vGDcx0RQ==

GET
H2 200 17.d96f5704.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 62 KB
20 KB 63ms
58ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.d96f5704.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

66bee368cd16bf0d9a64e4252953d1179f42ad9bfcae08c8abc8b46e5d304b24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 19:30:38 GMT
x-amz-version-id: sg8faa50aplh9rJp1QcZDcacOoaZ0DpV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3874990
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Mon, 28 Nov 2022 18:58:53 GMT
server: istio-envoy
etag: W/"f7132278cd8921e8f42d2d92ca6e0510"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yUt5wC4Y6SkX9c6PM25McSeixk0oVQKylxub72G0uF3kd7KJgnV58Q==

GET
H2 200 47.9d4808ed.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 105 KB
106 KB 64ms
59ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/47.9d4808ed.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

nginx /

Resource Hash

20997bd3984886e845f5a5e0d036f9808a5e30051f219705ef4e6ef1ef1b0f55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 14 Nov 2022 10:22:49 GMT
x-amz-version-id: xvBOIy7p58fKwAizprCMsqSSx7.qDtW3
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 5117459
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 107348
last-modified: Wed, 09 Nov 2022 18:21:22 GMT
server: nginx
etag: "dfc66008c702c40fea0587f735010013"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eVlyf7-l-oTE5AyV6caaRf-qVCw-VRu5k8XH9FPXb4WcBU3lqDWo-w==

GET
H2 200 38.5941b51c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 12 KB
4 KB 65ms
60ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/38.5941b51c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

62eb2106959f57e67d6a5209dc51af437b7b61a4256fd93b1a822e4d606ef9ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 09:08:32 GMT
x-amz-version-id: vJ4l4Xhv63Wbg7qXfYNntPn3WeE7h5J0
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3653116
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Mon, 28 Nov 2022 20:48:11 GMT
server: istio-envoy
etag: W/"aa24724b97a516c589a05bc577d15db9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: c1T3XR3qQQDbcc69stsAxv2bToXJaJd7vmgzi6OqoErb4U6s8QNADw==

GET
H2 200 28.190877b8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 13 KB
6 KB 65ms
61ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.190877b8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d7ead427aca51c227410c4595b49b48dde8f9e76864b4f3fcb32861034b0c6a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 17 Dec 2022 07:29:46 GMT
x-amz-version-id: kg8WLhUM_2N5hVet47_Vp0rebtitYxoP
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 2276642
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 16 Dec 2022 15:20:44 GMT
server: istio-envoy
etag: W/"94c7e7cb2f40e10abeee8e28c0f68eb7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 2NvcOY2fd2vunX7wIO5gEszwGxUKuhbac10nv---_pvsonL0sQLe0Q==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 17 KB
17 KB 66ms
62ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 26 Nov 2022 11:22:50 GMT
x-amz-version-id: GgYYSuPBW6EmRXHZwe.RrXo7QCbQus8K
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 4077058
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
content-length: 17003
last-modified: Tue, 22 Nov 2022 15:49:58 GMT
server: istio-envoy
etag: "65e5c965272e021ae33ff8bc39565ef5"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Y0YLqeV86q4caurkxPUVtxV45u-jBUfULzqez8O8tZZTF3FR0ZA0rQ==

GET
H2 200 9.2f2cc2c4.chunk.css
js.driftt.com/core/assets/css/ Frame 9712 14 KB
3 KB 48ms
44ms Stylesheet
text/css 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/9.2f2cc2c4.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8ab6891019c69c729441517bed2c703ec68058f913e9fe0d9840617f89473421

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 29 Dec 2022 16:39:29 GMT
x-amz-version-id: SDOQ.STtxlQaFoH.Cb_a99fOEu_ze5wP
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 1206859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 46
last-modified: Wed, 28 Dec 2022 21:35:38 GMT
server: istio-envoy
etag: W/"dd670379de64b0621ee84574f3b8e73d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aenVarkr_O0ijyI_ByjUfQ8QWvrCcjPD_5k67FJBTZpcqPjWxS5UTQ==

GET
H2 200 9.e91643ca.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 79 KB
25 KB 66ms
63ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.e91643ca.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c65c0caf65a36c8bb25dddac082d92dc2d2629132cfb0097a59424d7f6faf156

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 29 Dec 2022 16:39:29 GMT
x-amz-version-id: DMZ6iUyJnZcbBLBSAp.0vFH7x0h8k7o8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 1206859
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 68
last-modified: Wed, 28 Dec 2022 21:35:42 GMT
server: istio-envoy
etag: W/"7a8cb644b6f002369ea2a4288f2d0116"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WdfU1mVJnhNe5soUvjTk8QS94TdglRmS4KB3aYfZ9DHk3DQ26JkxHw==

GET
H2 200 15.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 9712 24 B
696 B 48ms
46ms Stylesheet
text/css 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/15.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:53:18 GMT
x-amz-version-id: MpmP_baDi2Lp86SRq3A6CnYjltvdox.E
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 4165230
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
content-length: 24
last-modified: Tue, 22 Nov 2022 15:49:55 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _AQ2U-iJjv9ey5C4CJcQcnIjGUDrSVTZWb_358l5TFCAb3MOJOGbDA==

GET
H2 200 15.7414712b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 84 KB
21 KB 66ms
64ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.7414712b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

9d5478ed0fba429549dbf0f5a50df6644f21775decb625a9b448d4a02f1f4f01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 16:37:28 GMT
x-amz-version-id: M68.BHY51r7H2kRVNVH_tvCm6BkqYFgK
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 602180
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Thu, 05 Jan 2023 16:27:50 GMT
server: istio-envoy
etag: W/"b74a80d67fde5b90d066ff29b6365529"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mmJSKFNVzherrwVVf4FlgdzdYlONGWBiakhG-N5TKrMN7az1nAqJxQ==

GET
H2 200 24.93e21b0d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 49 KB
13 KB 67ms
65ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.93e21b0d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f5a0bb11ccb2b765a9ea803f2904919385d9d3bd0fbf565595626b0dd60cbea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 19:29:26 GMT
x-amz-version-id: q7HCMapRd3ObNq9D9kFKhsA3TPJ0X8zM
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 73462
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Wed, 11 Jan 2023 18:48:20 GMT
server: istio-envoy
etag: W/"3dcb6e81808f67d52c870f1999ba2d80"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6mONGh2uIpj2RfOEEP-khf_K4Ko3bZHi1x_NlkaF53G5ALGMeR_cCQ==

GET
H2 200 16.e6a31895.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 39 KB
13 KB 68ms
66ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.e6a31895.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

941590a957107ad5194a08047e7010c59b13bbf024af936678696069dccc790f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 19:29:26 GMT
x-amz-version-id: AxZWGl0kuHR2CyUD1pVJwSVAAjIWZ_98
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 73462
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 77
last-modified: Wed, 11 Jan 2023 18:48:20 GMT
server: istio-envoy
etag: W/"7ba5580a3ef2a7af9cc6d6a5b17a7c74"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: R_XlTebtzTRXXm6GuSi8ByOcA6yjt22uxwoWbyMyKrbwrrxU6lv9Lw==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 9 KB
9 KB 19ms
18ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 26 Nov 2022 06:23:04 GMT
x-amz-version-id: _1H8NtZE8rwaVKsmDTRbkHW3YwcjKfoi
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 4095044
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
content-length: 8798
last-modified: Tue, 22 Nov 2022 15:49:56 GMT
server: istio-envoy
etag: "c5efcdc9e465604f32cf24af10fd6c13"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ThemLbcRi_YpETA9ABUzB1iCFg6I2g6FoAAaRW8Oj4RkUpIqDg4wuQ==

GET
H2 200 26.64322869.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 35 KB
10 KB 20ms
19ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.64322869.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bc239bcea412c55851ac6940a5a87baf775d3fb1a21423eed175e03e90774c64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 15:41:37 GMT
x-amz-version-id: PTEOwy_2auoAERJW2cYbyU5O_d.Ysx0V
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 1987931
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Tue, 20 Dec 2022 15:26:20 GMT
server: istio-envoy
etag: W/"744c4be1daa9277dcf54fdd19ba78200"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZIAs45dPz0jsgLtPb2u9Y13CJzOoTmKJb20PicWgBE28iVf2F3zqyA==

GET
H2 200 27.9bf46b67.chunk.css
js.driftt.com/core/assets/css/ Frame EA15 8 KB
9 KB 21ms
20ms Stylesheet
text/css 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/27.9bf46b67.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

nginx /

Resource Hash

4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sun, 13 Nov 2022 11:23:13 GMT
x-amz-version-id: 2gPc2iRLjbFbOZaSgMRBghYoZJDb3hyS
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 5200235
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 8581
last-modified: Wed, 09 Nov 2022 18:21:19 GMT
server: nginx
etag: "4f21faf2ba450e5fcdf7eda90813e185"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gmVJ1P-vPVWkFaph3SA51MjzfiR9ge6POYz2pYrlUpd71h69nE_wLg==

GET
H2 200 27.4f62ccd2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 14 KB
6 KB 22ms
21ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.4f62ccd2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

4b7fcc71f2345201fb332e802b071e396b05623d04d410bbc6f4b010c673f3bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 20:36:41 GMT
x-amz-version-id: K6XR2itnTdewDpQnk8c.EJ6RPpqYqemb
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3007027
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 56
last-modified: Thu, 08 Dec 2022 20:10:50 GMT
server: istio-envoy
etag: W/"498de99279f37cba21c25b932e3787a3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gDsSQLsfGlWTGrfua6F5BHf7jwWP948HpPQQUjZJW7MKfTqGQieLRg==

GET
H2 200 19.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame EA15 365 B
1 KB 23ms
22ms Stylesheet
text/css 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/19.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 09:52:50 GMT
x-amz-version-id: w1vOcwITmb.cUDNW_lvsPGI3OxFp7KF_
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 3391258
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
content-length: 365
last-modified: Thu, 01 Dec 2022 14:26:44 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fmwmazO8T_MxS-uuZhvq7emWKml1J3fOSI-DDxRFH-OHPWc4nvbrLg==

GET
H2 200 19.8b809a6b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EA15 92 KB
26 KB 24ms
23ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.8b809a6b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

63d279105229c6f1f841644babfd4f4891ea77de6a91818d9549f7328ad4c5b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=2zss23ghfhu7&eId=2zss23ghfhu7&region=US&forceShow=false&skipCampaigns=false&sessionId=1671b7a6-3601-4f63-8510-4572c7f9de77&sessionStarted=1673538828.441&campaignRefreshToken=4de6bc65-8020-4161-bc46-6df49cf4521b&hideController=false&pageLoadStartTime=1673538826564&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 19:29:26 GMT
x-amz-version-id: iydRgnTJSfS5ndHL11el4.mUl7TpKB4y
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 73462
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 112
last-modified: Wed, 11 Jan 2023 18:48:20 GMT
server: istio-envoy
etag: W/"0a524edff18167082ad3f71a48d11050"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: b59Jyg9UNRNmJKgrZoogjw1gSgCgAZ5WY6d4J6bVthQnE0CSfdeL-w==

GET
H2 200 35.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame 9712 3 KB
3 KB 19ms
18ms Stylesheet
text/css 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/35.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 10:22:54 GMT
x-amz-version-id: jMu1GSVlhxVSUZ1l0X.lWhGKPEUiyLuY
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 3303054
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
content-length: 2783
last-modified: Thu, 01 Dec 2022 14:26:45 GMT
server: istio-envoy
etag: "87532c4db85f1429fa6d759bc3332f36"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 25bMpmrl3JOmftvLV4YXB94bTwzEiGzVv0457IczQyQ1i1rm6JyxoA==

GET
H2 200 35.438351b2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 3 KB
2 KB 21ms
20ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.438351b2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d3c4b1d1abee7af1529758460c464a8721f281dfc899159dc36f521534d53fc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 08:07:40 GMT
x-amz-version-id: F0eKVfXC8sCZh1xAtE3LSsnx4C8Q.MOQ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 3224768
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Thu, 01 Dec 2022 14:26:48 GMT
server: istio-envoy
etag: W/"6d42b26d199471df6876d34dd3714424"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: I6jNzoo_slucrX8ETM-IQw7mpqj3oF-Sp2niTUwLUM4ZdIUx_MTjIQ==

POST
H2 204 collect Show response
j.clarity.ms/ 0
48 B 73ms
73ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://expel.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-origin: https://expel.com
date: Thu, 12 Jan 2023 15:53:48 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
vary: Origin
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 9 KB
9 KB 27ms
26ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sat, 26 Nov 2022 06:23:04 GMT
x-amz-version-id: _1H8NtZE8rwaVKsmDTRbkHW3YwcjKfoi
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 4095044
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
content-length: 8798
last-modified: Tue, 22 Nov 2022 15:49:56 GMT
server: istio-envoy
etag: "c5efcdc9e465604f32cf24af10fd6c13"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: W6CytIGQBeuPoP_OY3R1xVm7w8TLmkGrUciR4V4Nkme4WVlfTdbPEA==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 9712 7 KB
8 KB 28ms
27ms Stylesheet
text/css 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 07:46:27 GMT
x-amz-version-id: tTMWy3dO06aGqW3jh1cqHHbdESS7S6AE
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 3226041
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
content-length: 7555
last-modified: Thu, 01 Dec 2022 14:26:44 GMT
server: istio-envoy
etag: "189aeffd571884559dababa22c66d75a"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: LAIKGbpdMeVo0kODk80ENiuoL2mVwB_EG110jSaZiAGvo1_CkBjViw==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 54 KB
54 KB 30ms
28ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 10:49:24 GMT
x-amz-version-id: qGN0XCPmPm.tPVWlU.D9L3otF0x1Dsuy
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 3733464
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
content-length: 54960
last-modified: Mon, 28 Nov 2022 20:48:10 GMT
server: istio-envoy
etag: "1ac37bf2b93050f29058b66a9ad43e10"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4jSKMrVSKu9kq6t2lP1SIztidah1LwQSHMfkBR0BrU0sQsDb7zwpZw==

GET
H2 200 1.fbdab3a3.chunk.css
js.driftt.com/core/assets/css/ Frame 9712 43 KB
43 KB 28ms
27ms Stylesheet
text/css 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.fbdab3a3.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b22a1ebdf9aecea6f73860db0e9d184d96d28d85196efd42cfae5d8d0f103571

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 07:22:56 GMT
x-amz-version-id: .i3LEu4TuE5j0c7IojMGjyXnoYwhN8p3
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: JFK51-C1
age: 1758652
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 45
content-length: 43801
last-modified: Wed, 21 Dec 2022 21:28:24 GMT
server: istio-envoy
etag: "6eae9d8917505f7858dc56cf0731728a"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: UlP30rEHj-k8coUsBfQJSTYcAspp46U0n_ZkLUXdOLe8N7sY1FRoyA==

GET
H2 200 1.2e27d274.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 73 KB
25 KB 30ms
30ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.2e27d274.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6aafe4dc4321bce762f863ce88aec5f7d4ed705477478be6510b0c2a48ef714e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 21:54:21 GMT
x-amz-version-id: UNJr5Kja1ABr.guWFosCRkEJaAhCHOiA
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 1879167
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 52
last-modified: Wed, 21 Dec 2022 21:28:25 GMT
server: istio-envoy
etag: W/"a6d0fdb505a88f9c55049ebe66d7667a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tBLZ-vkyDKc_HwgQo5C4QzMqWawqzY8fU8DqBYcn-2QriSIIF08RvQ==

GET
H2 200 32.a3318c5e.chunk.css
js.driftt.com/core/assets/css/ Frame 9712 14 KB
3 KB 30ms
29ms Stylesheet
text/css 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/32.a3318c5e.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sun, 01 Jan 2023 07:40:45 GMT
x-amz-version-id: OrWyntKvpXFNXnxv.wvNAnQsj4sxK0TS
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 979983
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 30
last-modified: Thu, 29 Dec 2022 16:49:54 GMT
server: istio-envoy
etag: W/"b06e02b360914b25e58305b1b9b954dc"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qKsp-aOEhqSTB5G-MoZMkzzoTdUSJ3SglKQoBJkQJB4nbbx0tNFcoA==

GET
H2 200 32.5f11aa12.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 9712 12 KB
5 KB 31ms
30ms Script
application/javascript 13.225.223.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/32.5f11aa12.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.c34580eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-85.jfk51.r.cloudfront.net

Software

istio-envoy /

Resource Hash

73b7536c82d23bd8bb1f28778009d16a26c9bb7624a3caf41289284aa33d54d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1673538826564
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 16:48:23 GMT
x-amz-version-id: ldUcMD8JsmcHqL747dpDB3Eivlc6nS5g
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d2d900512286e3d26077b241153e569c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 2588725
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 70
last-modified: Tue, 13 Dec 2022 15:17:59 GMT
server: istio-envoy
etag: W/"77aab2343a041aad4aea245e60cde53f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: UfpswicfiOKNl3RqFMExZTKHuJ_mTfwb1aWZSemlCSeAy4e5BkgbNQ==

OPTIONS
H2 200 ping
bootstrap.api.drift.com/widget_bootstrap/ Frame 0
0 130ms
29ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 12 Jan 2023 15:53:49 GMT
requestid: drift6cbdc12495d9f05931c3f3dca88
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 200 ping Show response
bootstrap.api.drift.com/widget_bootstrap/ Frame EA15 185 B
283 B 33ms
33ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/49.b6336d11.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

18f9babcd4ce98e362603e3b466392e89de01f0573d3826b1c34c690a6617ba2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 12 Jan 2023 15:53:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 73fa04170018ad69
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 8
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 185

GET ip.json
api.company-target.com/api/v2/ 0
0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 40ms
40ms Image
image/gif 23.4.230.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=c034b40350882a982492eba99c257c99&svisitor=null&visitor=90820963-f62c-44d0-8100-24f0272c0b8c&session=94fdd8d6-977a-4d3b-86e3-5d9e2a855d20&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A48%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Expel%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&pageViewId=31a13c6d-9844-4021-85f0-d0685cd16dc6&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.4.230.40 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-230-40.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:49 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
492 B 41ms
40ms Image
image/gif 23.4.230.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=c034b40350882a982492eba99c257c99&svisitor=null&visitor=90820963-f62c-44d0-8100-24f0272c0b8c&session=94fdd8d6-977a-4d3b-86e3-5d9e2a855d20&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A49%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223006%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Expel%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&pageViewId=31a13c6d-9844-4021-85f0-d0685cd16dc6&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.4.230.40 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-230-40.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:50 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect Show response
j.clarity.ms/ 0
48 B 32ms
31ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://expel.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-origin: https://expel.com
date: Thu, 12 Jan 2023 15:53:50 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
vary: Origin
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
492 B 68ms
67ms Image
image/gif 23.4.230.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=c034b40350882a982492eba99c257c99&svisitor=null&visitor=90820963-f62c-44d0-8100-24f0272c0b8c&session=94fdd8d6-977a-4d3b-86e3-5d9e2a855d20&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A50%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224008%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Expel%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&pageViewId=31a13c6d-9844-4021-85f0-d0685cd16dc6&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.4.230.40 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-230-40.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:51 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event2/ Frame EA15 25 B
88 B 44ms
43ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/49.b6336d11.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-CA,en;q=0.9
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 12 Jan 2023 15:53:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 672039778bc0936a
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 17
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame 0
0 40ms
26ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 12 Jan 2023 15:53:51 GMT
requestid: drift8363a9a49afa194ada77c43aab5
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 171ms
170ms Image
image/gif 23.4.230.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=c034b40350882a982492eba99c257c99&svisitor=null&visitor=90820963-f62c-44d0-8100-24f0272c0b8c&session=94fdd8d6-977a-4d3b-86e3-5d9e2a855d20&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A51%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%225010%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Expel%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&pageViewId=31a13c6d-9844-4021-85f0-d0685cd16dc6&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.4.230.40 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-230-40.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 15:53:52 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 33ms
32ms Ping
text/plain 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-8DE31SMF5B&gtm=2oe1a1&_p=1728952037&cid=1361497721.1673538828&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1673538827&sct=1&seg=0&dl=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&dt=Page%20not%20found%20-%20Expel&en=scroll&epn.percent_scrolled=90&_et=15
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8DE31SMF5B&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:808::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://expel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 15:53:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://expel.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.company-target.com
URL: https://api.company-target.com/api/v2/ip.json?key=adSt2vLSK5yWREosCQ62LjsHmJ8UAvKwgTnPISxs&page=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&page_title=Page%20not%20found%20-%20Expel&referrer=

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=c034b40350882a982492eba99c257c99&svisitor=null&visitor=90820963-f62c-44d0-8100-24f0272c0b8c&session=94fdd8d6-977a-4d3b-86e3-5d9e2a855d20&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2012%20Jan%202023%2015%3A53%3A52%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%226012%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Expel%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&pageViewId=31a13c6d-9844-4021-85f0-d0685cd16dc6&an_uid=0

Verdicts & Comments Add Verdict or Comment

141 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

75 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.expel.com/	1970-01-20 17:37:54	Name: _biz_uid Value: 26ea3c5b8ff04845ad721ccb31cdef18
.expel.com/	1970-01-20 08:52:20	Name: _biz_sid Value: 7056db
.expel.com/	1970-01-20 17:37:54	Name: _biz_nA Value: 1
.bizible.com/	1970-01-20 17:37:54	Name: _BUID Value: 26ea3c5b8ff04845ad721ccb31cdef18
.bizibly.com/	1970-01-20 17:37:54	Name: _BUID Value: 61629ceef7a54e5fc51af2f9decd68c3
.expel.com/	1970-01-20 17:37:54	Name: _biz_pendingA Value: %5B%5D
www.g2.com/	1970-01-20 09:02:23	Name: AWSALBCORS Value: KrkHIohDbQJ9It0TTLKl95vTZz1V2FKv5UMd4iq0XlUw7nuoLJ+3XzZC+lzkLHZ69B8XMMzgpgqsBL4hkOf1OuE8lz/buO0FWzOommCITtpEU0+pV6ojJEC/Bbse
www.g2.com/	1969-12-31 23:59:59	Name: events_distinct_id Value: 9a2cf567-4fb4-4339-b505-0889c08cd3e1
www.g2.com/	1970-01-20 08:52:20	Name: amplitude_session Value: 1673538827191
.g2.com/	1969-12-31 23:59:59	Name: _g2_session_id Value: 0c205c4f28d6eb8b8835aa4f47fddeae
.g2.com/	1970-01-20 08:52:20	Name: __cf_bm Value: VOU5olzBjbKl_xlYXGMU_8VN2TK6FRzKTke1cbjVpXY-1673538827-0-AR/Tir66/L65LGnMAciviSte9RkaPP9s1Ul8whcYwGx2pj272OexHRzm9Wh9F5/2SyulHUgb3HR0ETYe3jZZcY8=
.expel.com/	1970-01-20 17:37:54	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
expel.com/	1970-01-20 09:02:23	Name: _an_uid Value: 0
expel.com/	1970-01-20 18:28:18	Name: _gd_visitor Value: 90820963-f62c-44d0-8100-24f0272c0b8c
expel.com/	1970-01-20 08:52:33	Name: _gd_session Value: 94fdd8d6-977a-4d3b-86e3-5d9e2a855d20
.adnxs.com/	1970-01-20 11:01:54	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2C$S=F1):!@wnf-Te9(>wL5L!!''e$Q(pX
.adnxs.com/	1970-01-20 11:01:54	Name: uuid2 Value: 7650527735594355052
.bing.com/	1970-01-20 18:13:54	Name: MUID Value: 30BC3A9CDDBA6CAC3E0E280BDC106D2A
.bat.bing.com/	1970-01-20 09:02:23	Name: MR Value: 0
.6sc.co/	1970-01-20 18:28:18	Name: 6suuid Value: 45822c17e57a00000b2dc0634d01000053ec0500
.expel.com/	1970-01-20 08:53:45	Name: _uetsid Value: 4cbacbc0929111eda2fd87bc4549ca18
.expel.com/	1970-01-20 18:13:54	Name: _uetvid Value: 4cbadc20929111ed9fbb6932f1da5660
.t.co/	1970-01-20 18:28:18	Name: muc_ads Value: f8ac40e9-376c-4251-a93a-00b2ca594c31
.twitter.com/	1970-01-20 18:28:18	Name: personalization_id Value: "v1_3PPVWp0F1i6u/iYA6xQcBA=="
.info.expel.com/	1970-01-20 08:52:20	Name: __cf_bm Value: PjnigVCuOjZ1LB5ebNrfGfvA4OCj22rtm.suViRgMko-1673538827-0-AbzGQxWXZfjYIzgNGXA0N1abmPoPF7X83tErmOK7nB99uVEdvQ3oqnP8vmK+7YXlaRL2QxuhEBhHw6q8Tip5AGs=
.expel.com/	1970-01-20 18:28:18	Name: _mkto_trk Value: id:986-VWL-068&token:_mch-expel.com-1673538827498-76697
www.clarity.ms/	1970-01-20 17:37:54	Name: CLID Value: 4fe2209faf9a4044aede87d3f3baa579.20230112.20240112
.tapad.com/	1970-01-20 10:18:42	Name: TapAd_TS Value: 1673538827584
.tapad.com/	1970-01-20 10:18:42	Name: TapAd_DID Value: 3c796518-d4e8-4c60-960d-8176506e9075
.advertising.com/	1970-01-20 17:38:16	Name: A3 Value: d=AQABBAstwGMCELjtwwlfloezRaOeF4QW7KEFEgEBAQF-wWPKYwAAAAAA_eMAAA&S=AQAAAjd_nCgwZz2iVtqE0PwQmBw
.bidswitch.net/	1970-01-20 17:37:54	Name: tuuid Value: fb26a8e9-ade5-4e59-a33d-47cd1913b823
.bidswitch.net/	1970-01-20 17:37:54	Name: c Value: 1673538827
.bidswitch.net/	1970-01-20 17:37:54	Name: tuuid_lu Value: 1673538827
.rubiconproject.com/	1970-01-20 17:37:54	Name: khaos Value: LCT9T3RW-1W-IOCK
.rubiconproject.com/	1970-01-20 17:37:54	Name: audit Value: 1\|UmDyDLZmMLB9fCGYkVyygfHjnAYnnQnEWUGYBBV3A+ceECEUBMheiqBEWMZvn2KaIGUtIDkDSBYwHTRO1/p4iF0807/IwESHaAk+w9896Gr2mXntPvQHwyFGXRoEdgdFPg/mnNoNlvs/CyOrETAOwSjTiriAmCNH3OlDu/ORdD8=
.expel.com/	1970-01-20 17:37:54	Name: _clck Value: 1uj3hrp\|1\|f87\|0
.bluekai.com/	1970-01-20 13:12:57	Name: bku Value: tJ/999L+ysBlUWDU
.bluekai.com/	1970-01-20 13:12:57	Name: bkpa Value: KJyA0ncvQp9x9mY7mDzN50qiWcfI/GcutPZYL4E9x6Arx2II6sT4UN5R2T8smIW4JtIxOrrSQTUP26lKWt4dDg6v6e2Q99hPuCrl0F3IM3Mw16rf7x/RuCVQD/DE6eh1QYfVg6z0Ool+KpLSxw5nyss2w5jkrzI49xYAXYKM
.yahoo.com/	1970-01-20 17:38:16	Name: A3 Value: d=AQABBAstwGMCELNp3f4m9DuTSfVLLDK3SgcFEgEBAQF-wWPKYwAAAAAA_eMAAA&S=AQAAAn8H32sE0Av0nYwDKPHid4o
.expel.com/	1970-01-20 11:01:54	Name: _gcl_au Value: 1.1.1465862798.1673538828
.analytics.yahoo.com/	1970-01-20 17:37:54	Name: IDSYNC Value: 1766~29dr
.admanmedia.com/	1970-01-20 17:37:54	Name: admtr Value: ff275617-3388-487f-8c1f-e3bbd16e6801
.adsrvr.org/	1970-01-20 17:37:54	Name: TDID Value: 81982044-ad55-428e-a2be-34d8ffd25a81
.expel.com/	1970-01-20 18:28:18	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Jan+12+2023+15%3A53%3A47+GMT%2B0000+(GMT)&version=6.31.0&isIABGlobal=false&hosts=&consentId=278b4db3-b3eb-4265-9de4-ad3a558f8a57&interactionCount=0&landingPath=https%3A%2F%2Fexpel.com%2Fblog%2Fseven-ways-to-spot-business-email-compromise-office-365%2F%2522%2C%2522https%3A%2Fattack.mitre.org%2Ftechniques%2FT1114%2F&groups=C0001%3A1%2CC0004%3A1%2CC0002%3A1%2CC0003%3A1
.adsrvr.org/	1970-01-20 17:37:54	Name: TDCPM Value: CAESFAoFdGFwYWQSCwj6tKOY56-6OxAFGAUgASgCMgsIpryVxP2vujsQBTgB
.expel.com/	1970-01-20 08:53:45	Name: _gid Value: GA1.2.1159946574.1673538828
.expel.com/	1970-01-20 08:52:18	Name: _gat_UA-97464802-1 Value: 1
.expel.com/	1970-01-20 08:53:45	Name: _clsk Value: ekhyj6\|1673538827918\|1\|1\|j.clarity.ms/collect
.tapad.com/	1970-01-20 10:18:42	Name: TapAd_3WAY_SYNCS Value: 1!303
.expel.com/	1970-01-20 18:28:18	Name: _ga_8DE31SMF5B Value: GS1.1.1673538827.1.0.1673538827.0.0.0
.linkedin.com/	1970-01-20 11:01:54	Name: li_sugr Value: 3804441a-4f5e-453d-8af0-d2ad0c58c875
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 17:37:54	Name: bcookie Value: "v=2&23090b7a-7b68-4c51-886e-4aa6ebc9da16"
.linkedin.com/	1970-01-20 08:53:45	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=2827:u=1:x=1:i=1673538827:t=1673625227:v=2:sig=AQHT0qsVP5ttN0fOHP8d7cS0Mgqa4IRc"
.expel.com/	1970-01-20 17:37:54	Name: _hjSessionUser_3182238 Value: eyJpZCI6ImYwZTIxMDMxLTJkMjQtNTZhYi04MjE1LTc1ODI2OTE3YjFlOSIsImNyZWF0ZWQiOjE2NzM1Mzg4Mjc4OTQsImV4aXN0aW5nIjpmYWxzZX0=
.expel.com/	1970-01-20 08:52:20	Name: _hjFirstSeen Value: 1
expel.com/	1970-01-20 08:52:18	Name: _hjIncludedInSessionSample Value: 1
.expel.com/	1970-01-20 08:52:20	Name: _hjSession_3182238 Value: eyJpZCI6IjVhOGE3NmQ2LTc5MzgtNGRlYS05ZTE0LTMzMjNiOTQ2NDMwMyIsImNyZWF0ZWQiOjE2NzM1Mzg4MjgwMDQsImluU2FtcGxlIjp0cnVlfQ==
expel.com/	1970-01-20 08:52:18	Name: _hjIncludedInPageviewSample Value: 1
.expel.com/	1970-01-20 08:52:20	Name: _hjAbsoluteSessionInProgress Value: 0
.acuityplatform.com/	1970-01-20 17:37:54	Name: auid Value: 731129868340
.acuityplatform.com/	1970-01-20 17:37:54	Name: aum Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqBNjT6jXVzZXJNYXRjaGluZ0lkJAKAkWxhc3REcm9wVGltZU1pbGxpcyUBQmlVfzeMmGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUJpVX83jI90aGlyZFBhcnR5VXNlcklkYzNjNzk2NTE4LWQ0ZTgtNGM2MC05NjBkLTgxNzY1MDZlOTA3NfuBNDn6QiQBokMlAUJpVX8nmkQhRSH7gjEyOfpCJASCQyUBQmlVfyeaRCFFIfuBMTf6QiSiQyUBQmlVfyeaRCFFIfuAMvpCxEMlAUJpVX8nmkQhRSH7gjEwMfpCJAOKQyUBQmlVfyeaRCFFIfuCMTM1+kIkBI5DJQFCaVV/J5pEIUUh+4IxMTn6QiQDrkMlAUJpVX8nmkQhRSH7gTcy+kIkApBDJQFCaVV/J5pEIUUh+4ExMPpC1EMlAUJpVX8rkEQlAUJpVX8rkEVSNzY1MDUyNzczNTU5NDM1NTA1Mvv7hnZlcnNpb27C+w=="
.linkedin.com/	1970-01-20 09:35:30	Name: UserMatchHistory Value: AQLYwFn4rgjFtAAAAYWmr_cRFZtiJ58gpC_JGNxlWEspnhwQpC2dN-rE7PUJHe4117pufgH6NRKiGw
.linkedin.com/	1970-01-20 09:35:30	Name: AnalyticsSyncHistory Value: AQIPv1J90p_9GQAAAYWmr_cRp7kq7KYfglg0Vdhw9kL7DUBiODerAx--0JiIlM2bTtrY7Ua5WtHuImOrOZO9Bw
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.www.linkedin.com/	1970-01-20 17:37:54	Name: bscookie Value: "v=1&202301121553489f3341b8-b78a-4739-814f-c75ecf5aa146AQENsR0owFiV-E-LmmZddvg4U8uJXnGb"
expel.com/	1970-01-20 08:53:45	Name: ln_or Value: eyIxNzQ5MDUiOiJkIn0%3D
expel.com/	1970-01-20 08:52:20	Name: drift_campaign_refresh Value: 4de6bc65-8020-4161-bc46-6df49cf4521b
.expel.com/	1970-01-20 18:28:18	Name: _ga Value: GA1.2.1361497721.1673538828
.c.bing.com/	1970-01-20 09:02:23	Name: MR Value: 0
.c.bing.com/	1970-01-20 18:13:54	Name: SRM_B Value: 30BC3A9CDDBA6CAC3E0E280BDC106D2A
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 18:13:54	Name: MUID Value: 30BC3A9CDDBA6CAC3E0E280BDC106D2A
.c.clarity.ms/	1970-01-20 09:02:23	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 08:52:19	Name: ANONCHK Value: 0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://expel.com/blog/seven-ways-to-spot-business-email-compromise-office-365/%22,%22https:/attack.mitre.org/techniques/T1114/ Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=300

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

986-vwl-068.mktoresp.com
analytics.twitter.com
api.company-target.com
b.6sc.co
bat.bing.com
bootstrap.api.drift.com
c.6sc.co
c.bing.com
c.clarity.ms
cdn.bizible.com
cdn.bizibly.com
cdn.cookielaw.org
cdn.linkedin.oribi.io
content.hotjar.io
e.acuityplatform.com
expel.com
expel.io
geolocation.onetrust.com
ib.adnxs.com
in.hotjar.com
info.expel.com
ipv6.6sc.co
j.6sc.co
j.clarity.ms
js.driftt.com
match.adsrvr.org
metrics.api.drift.com
munchkin.marketo.net
origin.acuityplatform.com
p.typekit.net
pixel.advertising.com
pixel.rubiconproject.com
pixel.tapad.com
px.ads.linkedin.com
px4.ads.linkedin.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
stackpath.bootstrapcdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
sync.admanmedia.com
t.co
tags.bluekai.com
ums.acuityplatform.com
ups.analytics.yahoo.com
use.typekit.net
vars.hotjar.com
www.clarity.ms
www.g2.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.linkedin.com
x.bidswitch.net
api.company-target.com
b.6sc.co
104.102.141.31
104.17.74.206
104.244.42.133
104.244.42.67
104.95.194.74
107.178.246.49
13.107.42.14
13.225.214.60
13.225.223.85
152.199.2.76
18.164.96.77
18.203.123.105
18.66.2.60
184.50.205.247
192.28.144.124
199.232.36.157
20.110.81.91
20.85.30.134
23.4.230.40
2600:1400:d:5a1::1c91
2600:1400:d::6878:d2aa
2600:141b:13::17d7:8252
2600:141b:13::17d7:8279
2600:9000:225f:ac00:2:53b2:240:93a1
2606:4700::6810:9440
2606:4700::6812:1a55
2606:4700::6812:6494
2606:4700::6812:bcf
2607:f8b0:4004:c08::9b
2607:f8b0:4006:808::200e
2607:f8b0:4006:816::2004
2607:f8b0:4006:81c::2003
2607:f8b0:4006:824::2008
2620:1ec:21::14
2620:1ec:48:1::40
2620:1ec:c11::200
3.248.94.213
3.33.220.150
3.94.218.138
34.111.83.20
35.211.178.172
54.156.130.60
54.175.87.114
68.67.179.164
68.67.181.211
69.173.151.100
69.90.254.51
69.90.254.78
8.2.110.24
0aaa4cf927b0e3631cffbe62f6786810aa65348483cd950e49f634a0881b16b4
0b45849258801d8c7f52a8440b625bc6d5f7382052813afcb081bb2486e84882
11b2985d72eda998187ab63f3e94950916e8856c659ee09af9780e59a37718ca
154328df8cbf0e418cd07d834cc65eefe68c445219d4d108672d05710fd630d8
186069134d483966274921a88b225458ba56902314f389b82e27a65735650cf1
18d1b370b94460a4cc0b6b03ac81cda1aba4db285000f52bc8e0f4b16d77c813
18f9babcd4ce98e362603e3b466392e89de01f0573d3826b1c34c690a6617ba2
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
1ae740ebbe1a0c68cdf60b2d5df40126d47e6c69d19bf794b8a99ad5ceb81992
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1cb2a3ed712d8fcfa64505237ae54ffe9f2f5d293f371f40871d830891568b88
1dca4f2dcfb119cbe001fb3b31e559aed59674832f729fbf9170d2f23803f9c3
1e73c80146f80f959b8145882f2ffe28ede116eedcdab05b07f197f8fac54f01
1e90f1070a36b9af702e9dfe343699ad24792275f294a6711f2e02ed43722d99
20997bd3984886e845f5a5e0d036f9808a5e30051f219705ef4e6ef1ef1b0f55
262543d80549b46b0cc352316b4526dbcfdeec726d8c4a85dd86a043f2a492f2
26520a5d469fc4fa344a2a02d173ee9d8c5cff774f79b22ff7d9630497e64ef3
29c9837d879a61c89343a4961a24baec69825d8fb1da68bdaa329869596455c1
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cd83d5a29914ad4797748d8e80fbc42c2131fbce9bbcdf2749a275fc7db875f
314ce6baaa3218eb171fa2c278d7fdf1b9872305dfa667e9cbf2df77c83a9a88
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
335232b6561e0fbf8142961ab04844d975fb1f4ba7ea1e0535557897da8ce364
36c40f30897f929bafd68f5c638380ee88232a849f986fa2988c704449e606ff
36c44093111f86bfb1d1c9ad9b13b4c3aab6ded96c5feca3fc797ae554bfb217
3a5e42cacc441ab88f1dbe643ab56ecf6f171395d3fa2f764a4c4d9fa02a8c17
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3d277a90920d78efa3d6e473d67240beb26100591c7b02a34bd444aa78ee5d5c
4063f3cf2ee2dcc8f7bfda33ca4d43c43b6acbc5b6d52c5352ef6791b3d5ef02
42da203fcc4325bd58c8c868e9213def8ca9b8d58e79d68e86c0fd8a5744e72d
4638e49c50d5847ec06ec24064ee9c5746248370e0c476d74f85deb9c7fe5df1
46e6f42a22054a793841935920cbbc723856e339fead50fa33c1f1bb3ec5a251
47713a2c5569c4ef644b68e23faac6b2402321213d8997757fb354710528f307
489eb2769765657c9325f65117f5c7b87ffc4eab547622608c12c8f6fd60df1b
49833d4630b9210a068354f7b8cb192d76b5b66086874772f84e819a7b691276
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b7fcc71f2345201fb332e802b071e396b05623d04d410bbc6f4b010c673f3bf
4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d
505aa4df244336566460d944283a0c809bf8c5291bbf73381b2af539495bf14e
50bfd91bb65762023b74efba030d3212fef8f6261707ba8edb9e4b28d13bb5ed
5575d22bbb7b326cdea46415b913ef2cb88cbe286e14256aac8ae7505f51a833
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5e6e56f773b85521397bc97ab14645ce1736bffb0ed27b1d061bbee65a54e74b
627f94c1d1598f85da3742af706137daf93218b87e8c5e99ee01c0ce027c8ccf
62c0466b6e78094d8bb9b9fb50f13f3eb39e3be88dce7663ecfbcabde18b64bc
62eb2106959f57e67d6a5209dc51af437b7b61a4256fd93b1a822e4d606ef9ce
63d279105229c6f1f841644babfd4f4891ea77de6a91818d9549f7328ad4c5b2
66bee368cd16bf0d9a64e4252953d1179f42ad9bfcae08c8abc8b46e5d304b24
67dd30b016796a0f97e39c2aff3a730cbae742cce659ffbcd1c4518cdc8309e1
69e576e366786296a4fd1a3976f9fecc65f43c1b40e92c7e64c626bc52597632
6aafe4dc4321bce762f863ce88aec5f7d4ed705477478be6510b0c2a48ef714e
6c85779799bcae6814743b55143e79953fbcbf096e805fe7c68e754b45629e74
6c93a2e253cf1b83c4549ee38234134aa07f3b0293815375c49c9d4576986db1
6d0e24692c4413806e776a723a628f61a358836b7b67d413d04b0dd9a34dec4b
6d72a62b81fae1240c4fb77955b1f095a14c8f4e457332b938fe1dd22df812ee
70713cff7a74460b7252af840d785a7d6cb0c63c2b1d44227ecda6601a2264ab
73b7536c82d23bd8bb1f28778009d16a26c9bb7624a3caf41289284aa33d54d7
73fdb1dca6065de3e0bd723ec44423a863bf28475a359de802fa7a6e9fc4633e
759a08226cc8d5a5a89c64b7f814457ee6191384f30e4dc9cd123aaf279003fd
75f4587475a23f3b854ec671a1b2fecfdffdf39b0e4d385613b28a6ffaf7980c
79960bf70a9d0360c03fc4e01f3a57cd49c67f0ce53329d4df510401046b65c5
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7c84228ed9fda37b1a705d323bf1a6b1ed68d1adf2a4e3cdf5d6fb4d654bae07
7fe9c49bb2fa7df0e7f30f29e2cf5dc5856a6a94e24020cd71b15806418e2509
813b0556df0bd4936d3dc4a84028c978c6336b94991581b42cc5c1b1da5fe932
81850589818a7e93ccbe04ddffa6aa6a4f3ab268f6a2a10a9b47b97d8d383294
81e6b4ec22135fd2056e29456e32539e21876266ab0bf8438b87117f70c0f827
83024b4d50640c765fd212f5c6d5a6a57a2146088b005381868849db10dffcb3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85ecfdf8c0b9326d81efc9756ae9fbbb770b43085e7936e7a00459ec83a46864
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
87dc5e63d855136c519f10d5bfb4b9b8932735683a6e74bcd53166b147908cb8
89cf66cb9de8da20fc15e9953845dd4d1de2c0fb465c827a09d818449222c533
8ab6891019c69c729441517bed2c703ec68058f913e9fe0d9840617f89473421
8d75ed8be54171bb3c05d76b034b951db965c74f04fa9d3e1b9189c0767ecc07
90a016938d98920d1b22ffa5f36d3ba6796b5ebe6858e6b5bdc1cddc872cf174
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc
941590a957107ad5194a08047e7010c59b13bbf024af936678696069dccc790f
97b5b6bb0bfd4413504da4a5b78546698c75a127fff51b095080ee7fd3b8ec0c
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b65d01fc7528ea948471c674a1da19229a4f0859fe1b1b171e3b59a7b86b230
9d5478ed0fba429549dbf0f5a50df6644f21775decb625a9b448d4a02f1f4f01
9ee70b9597985abb196354f055937f16643e8d32fb6c4ec6e2adb9e7bd0b540b
a0a21324b6c931181f39056b15ccc003f827dd63e70cf6edef1338c3597b5981
a0da3cdc4c400e5e5030c733b68bff8fddc8c4c82c2432330fa8cb858b16bd85
a4f562534e62ae4287bbb482954c259b1089bba05611d0bbb06d48811c9125b1
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
add54347c552dee400f4da9399415a8a5dc6c7000647219699ef7cf137d7bd3b
aeab6f0743cdde5d8f51116e097918579e39a27010295a83b5d9bae49f7e80e4
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0f7e256b2f20fccf75b28217b8364411c86632a9cdb5e75fb7b9ce390981051
b0fadf75681475e975bd2bdaceac6c08e8f5ef06f9a1c7fe9f3f7a571f5bc935
b22a1ebdf9aecea6f73860db0e9d184d96d28d85196efd42cfae5d8d0f103571
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b4431e8fb419838f86862275f088a0079b15ee6612d8ca2285b403f45c713dff
b4cfcb4d356ea5804502849bcafd4dfeb016947ea9a5f3702a2dc18faebe8d54
b7c8d4a616f9ad465962fb1c81b57ec6bf5aadfa6fcff516c4891a9fd1262093
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
bb76ca3944701fe2ed3d16abda18917b4b5d4e2f25cce44d48ca385570fd7a5d
bc239bcea412c55851ac6940a5a87baf775d3fb1a21423eed175e03e90774c64
bd5d20116afec87d67cb7a5218b2c1788a3dfb9a97b8f2f6b0a50485cc65bd1f
c04837b935b6d1fac0cbffc4a53bf19a6d89029742dbc4c8ad001c1078f5f957
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
c65c0caf65a36c8bb25dddac082d92dc2d2629132cfb0097a59424d7f6faf156
c707eabfdf3115ceaf0e76697e5f7ce0511660692c64474e436a21a0e4067823
c81c74d2c9334e65184b3bdca580494dac18d247b598415b37c89e83411a65be
c92c6a06a05ebbc74655d4d596a2e169f97f1ad070ee073e4024106654441a7c
cbffce6f8642619af7ed7335e32750f7f2933765d32c113115da0710aa7deadc
cdf8baf4a9dad883aa772cce20533f07ae9651c61b16145ec2f6df816ff59fbb
cf555841b32a535d140aef673345cf1edf3d546f77691fcf35eb9dfa6465df23
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d3a5bb8fdec7d6c686e33952e5dcf921125fd7c7242dc94f7fe569686d8e6ae8
d3c4b1d1abee7af1529758460c464a8721f281dfc899159dc36f521534d53fc6
d4a29d779cb19d3ac85c2178ce96d30e9cd647d68d9b6eccd0613dfc51798668
d5c1ad551c121bee3ab5ec67df650f929a74368057152d6c09a12c6df0651dc6
d7ead427aca51c227410c4595b49b48dde8f9e76864b4f3fcb32861034b0c6a2
d9d4364a78ad8a1ae488d29d893bd7e6a5ded7b6b65e1243988b3cccb5adbea1
da5186fe0bb5dd59e7ece6ee7efac70c31755611e385fa423585572cb9628fcf
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e12404ccb0492da0a89fbda8db0ddb3c2358fcbd6d29b0c106ba840ca5f5e8ab
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e7b9e73338554c8f9cc6dc934fc765f21b7f12b42c3908b07347dfb5fb90f165
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ee623088efef15d6dfbcb15db1698428a516ed52362ff3643cff0577a4f6b26c
eea93734d5f0032479fa252394415d53cbcd4e7bd6d54764543eaa8b7c9fd10c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0fa9763374400318fbbb9ede5deeaf318f8423a2dd52c1f66303f95bd7db097
f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244
f31914cfde2f16e02ab4d628bb4174d58c9486f153e9ed4d39b1650fc09dd15a
f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc
f4f74bbad66d7e96390d25c5ea46cdb64d0570401582563d22c937abf0806805
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f5a0bb11ccb2b765a9ea803f2904919385d9d3bd0fbf565595626b0dd60cbea4
f67e6e877653955ae2e03ac006607f2bbd01953cb5e8954116b165211befe54f
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
faaef704fadda205ac958aae44d2ec7fd73576fecb4d21e1b6cccf8d5c031b62
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe4946db1f133c18e59bde7de4f6e87a50d288f85ec8440451b998e0f3f17e66

expel.com Open in urlscan Pro 54.156.130.60 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

201 Requests

95 %HTTPS

35 %IPv6

40 Domains

57 Subdomains

44 IPs

3 Countries

2559 kBTransfer

6332 kBSize

75 Cookies

7 Outgoing links

Page URL History

Redirected requests

201 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

expel.com Open in urlscan Pro
54.156.130.60 Public Scan

Screenshot
Live screenshot

Full Image

201
Requests

95 %
HTTPS

35 %
IPv6

40
Domains

57
Subdomains

44
IPs

3
Countries

2559 kB
Transfer

6332 kB
Size

75
Cookies

201 HTTP transactions
2 data transactions