Submitted URL: https://aia-microsoftonline.com/
Effective URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-bec...
Submission Tags: @phishunt_io
Submission: On January 09 via api from ES

Summary

This website contacted 42 IPs in 10 countries across 35 domains to perform 112 HTTP transactions. The main IP is 52.151.96.240, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.trustwave.com.
TLS certificate: Issued by Trustwave Extended Validation SHA256 ... on November 10th 2020. Valid for: a year.
This is the only time www.trustwave.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid for
aia-microsoftonline.com | R3 | 2021-01-08 - 2021-04-08 | 3 months
www.trustwave.com | Trustwave Extended Validation SHA256 CA, Level 1 | 2020-11-10 - 2021-11-25 | a year
s9.wac.edgecastcdn.net | DigiCert SHA2 Secure Server CA | 2019-01-16 - 2021-02-03 | 2 years
www.google.com | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months
vimeo.map.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-08-07 - 2021-04-24 | 9 months
atmrum.net | Microsoft Azure TLS Issuing CA 05 | 2020-12-28 - 2021-12-23 | a year
odc-prod-01.oracle.com | DigiCert Secure Site ECC CA-1 | 2020-07-22 - 2021-10-13 | a year
*.marketo.net | DigiCert SHA2 Secure Server CA | 2020-03-14 - 2021-04-13 | a year
cookiepro.com | Cloudflare Inc ECC CA-3 | 2020-07-06 - 2021-07-06 | a year
sni1e6ffgl.wpc.edgecastcdn.net | DigiCert SHA2 Secure Server CA | 2020-04-16 - 2022-04-21 | 2 years
*.gstatic.com | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months
*.blob.core.windows.net | Microsoft RSA TLS CA 01 | 2020-11-19 - 2021-11-19 | a year
*.azureedge.net | DigiCert SHA2 Secure Server CA | 2020-11-21 - 2021-11-30 | a year
*.licdn.com | DigiCert SHA2 Secure Server CA | 2019-04-01 - 2021-05-07 | 2 years
*.hotjar.com | Amazon | 2020-12-25 - 2022-01-23 | a year
ads-twitter.com | DigiCert SHA2 High Assurance Server CA | 2020-08-14 - 2021-08-19 | a year
www.googleadservices.com | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months
*.doubleclick.net | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-12-22 - 2021-03-21 | 3 months
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2021-01-06 - 2021-07-05 | 6 months
*.g.doubleclick.net | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months
t.co | DigiCert SHA2 High Assurance Server CA | 2020-03-05 - 2021-03-02 | a year
*.google.com | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months
www.google.de | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months
*.google.de | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months
moatads.com | DigiCert SHA2 Secure Server CA | 2020-01-17 - 2021-03-17 | a year
*.twitter.com | DigiCert SHA2 High Assurance Server CA | 2020-03-05 - 2021-03-02 | a year
*.terminus.services | Amazon | 2020-12-16 - 2022-01-14 | a year
*.mktoresp.com | DigiCert SHA2 Secure Server CA | 2020-01-17 - 2022-01-21 | 2 years
*.onetrust.com | DigiCert SHA2 Secure Server CA | 2020-05-21 - 2022-07-27 | 2 years
*.footprintdns.com | Microsoft Azure TLS Issuing CA 02 | 2020-10-09 - 2021-10-04 | a year
*.hotjar.io | Amazon | 2020-09-15 - 2021-10-15 | a year
in.applicationinsights.azure.com | Microsoft IT TLS CA 4 | 2020-04-30 - 2022-04-30 | 2 years

This page contains 6 frames:

Primary Page: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Frame ID: A45F7B12AA5601C66073BD33C8992871
Requests: 106 HTTP requests in this frame

Frame: https://10419288.fls.doubleclick.net/activityi;dc_pre=CNuc59jcje4CFcKkdwodzSMH0A;src=10419288;type=trust0;cat=trust0;ord=2735165736059;gtm=2wgbu0;auiddc=683582521.1610156582;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F
Frame ID: 1E19086D3BD196B82411F0B4C33C03CF
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 03AE89EC829AB06AF76100E9464E5584
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 5D0CD3506C619195FBE72C6FA31D4F58
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=qc5B-qjP0QEimFYUxcpWJy5B&size=invisible&cb=qgtw22bbed0k
Frame ID: 1D03ECCF8043437A4E998F57F263995D
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: CB57346CCAAF758F2C31CAAB94C8E9C4
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/recaptcha\/api\.js/i

Page Statistics

112 Requests
99 % HTTPS
49 % IPv6
35 Domains
45 Subdomains
42 IPs
10 Countries
2154 kB Transfer
3969 kB Size
25 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://aia-microsoftonline.com/ Page URL
  2. https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://www.trustwave.com/twblog-02-27-2018-10-34-58/assets/0/2147483660/2147483703/ccf1fa03-ad57-48a2-b9d0-325ae7118c6d.jpg?v=0.0.1 HTTP 301
  • https://www.trustwave.com/twblog-02-27-2018-10-34-58/assets/0/2147483660/2147483703/ccf1fa03-ad57-48a2-b9d0-325ae7118c6d.jpg/?v=0.0.1
Request Chain 26
  • https://www.trustwave.com/media/16992/reprint_the-forrester-wave_global-managed-security-services-providers_q3-2020-cover.png?anchor=center&mode=crop&width=400&rnd=132404200250000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/63414b969e6787641dc91084b6f18b91fbc35a81.png
Request Chain 27
  • https://www.trustwave.com/media/16795/once-future-cover-image.png?anchor=center&mode=crop&width=400&rnd=132344863110000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
Request Chain 28
  • https://www.trustwave.com/media/16254/the-underground-economy-cover.png?anchor=center&mode=crop&width=400&rnd=132094902880000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
Request Chain 29
  • https://www.trustwave.com/media/16414/cyber-multicloud-ebook-cover-image.png?anchor=center&mode=crop&width=400&rnd=132176020710000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/5a6834a869db6f970c8f090a022f77a1c482c6a8.png
Request Chain 30
  • https://www.trustwave.com/media/15106/ierr37pw.png?anchor=center&mode=crop&width=400&rnd=131992175790000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
Request Chain 31
  • https://www.trustwave.com/media/7356/7145.jpg?anchor=center&mode=crop&width=400&rnd=131644845120000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
Request Chain 32
  • https://www.trustwave.com/media/16657/gartner-mdr-cover.png?anchor=center&mode=crop&width=400&rnd=132308413190000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
Request Chain 33
  • https://www.trustwave.com/media/17576/solarwindsblog-bogheader.jpg?anchor=center&mode=crop&width=400&rnd=132545138790000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/4/a/d/a/8/1/4ada81588dcfb839b624614ec9cf5df23d7d7ed0.jpg
Request Chain 34
  • https://www.trustwave.com/media/15279/sl-blog-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897042940000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
Request Chain 35
  • https://www.trustwave.com/media/17557/sl-comic-book-cover.jpg?anchor=center&mode=crop&width=400&rnd=132542557620000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/4/c/5/c/2/2/4c5c22a66b8e0b826975bb124626e6bf298ed0a5.jpg
Request Chain 36
  • https://www.trustwave.com/media/17186/adp-softwave_cover.png?anchor=center&mode=crop&width=400&rnd=132448500440000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/0/6/a/f/a/f/06afafc72bd6d274723e1e23b9b2d3b1aaa18f61.png
Request Chain 37
  • https://www.trustwave.com/media/17580/domoreless-webinar-cover.jpg?anchor=center&mode=crop&width=400&rnd=132546176510000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/7/3/8/3/2/9/738329860831758fdafe0f4582244df007b5ff45.jpg
Request Chain 38
  • https://www.trustwave.com/media/17578/preparecmmc-webinar-cover.jpg?anchor=center&mode=crop&width=400&rnd=132546173740000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/c/a/9/b/d/6/ca9bd654e20f7b475aa14e7be7674494ddfd2651.jpg
Request Chain 40
  • https://www.trustwave.com/media/15280/news-release-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897043050000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
Request Chain 43
  • https://www.trustwave.com/media/17573/cmmcnewyear-bogheader.jpg?anchor=center&mode=crop&width=400&rnd=132544539210000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/9/b/a/9/0/7/9ba90769335931364c049107b68b1e1cbd6d58ed.jpg
Request Chain 44
  • https://www.trustwave.com/media/16499/blog-header.jpg?anchor=center&mode=crop&width=400&rnd=132228204620000000 HTTP 302
  • https://trustwave.blob.core.windows.net/cache/6/7/d/8/2/5/67d82579a40168c3825c9de0ad001a8f2b518d1e.jpg
Request Chain 61
  • https://10419288.fls.doubleclick.net/activityi;src=10419288;type=trust0;cat=trust0;ord=2735165736059;gtm=2wgbu0;auiddc=683582521.1610156582;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F HTTP 302
  • https://10419288.fls.doubleclick.net/activityi;dc_pre=CNuc59jcje4CFcKkdwodzSMH0A;src=10419288;type=trust0;cat=trust0;ord=2735165736059;gtm=2wgbu0;auiddc=683582521.1610156582;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F
Request Chain 64
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1610156581970&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D70652%26time%3D1610156581970%26url%3Dhttps%253A%252F%252Fwww.trustwave.com%252Fen-us%252Fresources%252Fblogs%252Ftrustwave-blog%252Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1610156581970&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F&liSync=true
Request Chain 98
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|9bbc02a3-676a-4709-8f0a-7fc40bda93ff HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|9bbc02a3-676a-4709-8f0a-7fc40bda93ff HTTP 302
  • https://vidassets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|9bbc02a3-676a-4709-8f0a-7fc40bda93ff&t=56e31a12-9c8c-4b6e-bc01-be8f27a7c83a

112 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type

Resource: / (Cookie set)
Path: aia-microsoftonline.com/
Size: 398 B
x-fer: 904 B
Type: Document

General

Full URL: https://aia-microsoftonline.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.13.200.221 Littleton, United States, ASN33151 (TRUSTWAVE-ASN, US)
Reverse DNS: edu.trustwave.com
Software: Lucy /
Resource Hash: adf69d38e2487f50595e753a596abe161e9eee78fa68fd0d96d2901478f7de11

Security Headers

Strict-Transport-Security: max-age=63072000; includeSubDomains;

Request headers

Host: aia-microsoftonline.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US

Response headers

Date: Sat, 09 Jan 2021 01:42:54 GMT
Server: Lucy
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Set-Cookie: PHPSESSID=okatua7o9nn7necnk77h6ptr46; path=/; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: *
Content-Length: 294
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Resource: / (Primary Request)
Path: www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Size: 105 KB
x-fer: 26 KB
Type: Document

General

Full URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS:
Software: /
Resource Hash: 513dc4ad9074be013baa6b46aec20fcdd61a0d7ca25146d51f3b6b84198fa871

Security Headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers

:method: GET
:authority: www.trustwave.com
:scheme: https
:path: /en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://aia-microsoftonline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US

Response headers

cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
expires: -1
vary: Accept-Encoding
set-cookie: ARRAffinity=0fe201a6b3a0915eccf607cb65d25a0658b691b31fcd5d5405ca4f32b9366d51;Path=/;HttpOnly;Secure;Domain=trustwave-umbraco-uk.azurewebsites.net
set-cookie: ARRAffinitySameSite=0fe201a6b3a0915eccf607cb65d25a0658b691b31fcd5d5405ca4f32b9366d51;Path=/;HttpOnly;SameSite=None;Secure;Domain=trustwave-umbraco-uk.azurewebsites.net
set-cookie: ApplicationGatewayAffinity=bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890;Path=/;Domain=www.trustwave.com
set-cookie: ApplicationGatewayAffinityCORS=bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890;Path=/;Domain=www.trustwave.com;SameSite=None;Secure
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-aspnet-version:
date: Sat, 09 Jan 2021 01:43:01 GMT
content-length: 25986

linkedin.svg
www.trustwave.com/img/icon/social/svg/dark/
636 B
677 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/dark/linkedin.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
42f2f65a52347bf6ed6c0633b5458c48ddc1b439923c92caec18c6d6f111afe3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:05:38 GMT
x-aspnet-version
etag
"0d5e2d09dd8d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
636
x-xss-protection
1; mode=block
twitter.svg
www.trustwave.com/img/icon/social/svg/dark/
778 B
819 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/dark/twitter.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cf7008a1bb1e7dcffa096b3f0c782f3dd610f847413ae4861a5c03006f093553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:05:38 GMT
x-aspnet-version
etag
"0d5e2d09dd8d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
778
x-xss-protection
1; mode=block
facebook.svg
www.trustwave.com/img/icon/social/svg/dark/
446 B
491 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/dark/facebook.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3f18aeab9b9baa3e61c4bc2cd0372e3946f494bd03bff3cad740e5ea817fce2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:05:38 GMT
x-aspnet-version
etag
"0d5e2d09dd8d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
446
x-xss-protection
1; mode=block
/
www.trustwave.com/twblog-02-27-2018-10-34-58/assets/0/2147483660/2147483703/ccf1fa03-ad57-48a2-b9d0-325ae7118c6d.jpg/
Redirect Chain
  • https://www.trustwave.com/twblog-02-27-2018-10-34-58/assets/0/2147483660/2147483703/ccf1fa03-ad57-48a2-b9d0-325ae7118c6d.jpg?v=0.0.1
  • https://www.trustwave.com/twblog-02-27-2018-10-34-58/assets/0/2147483660/2147483703/ccf1fa03-ad57-48a2-b9d0-325ae7118c6d.jpg/?v=0.0.1
64 KB
64 KB
Image
General
Full URL
https://www.trustwave.com/twblog-02-27-2018-10-34-58/assets/0/2147483660/2147483703/ccf1fa03-ad57-48a2-b9d0-325ae7118c6d.jpg/?v=0.0.1
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
401e8c9f7f2ebc632adc7a11d64961f35774f8ea948d23b975bd75742d03e673
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
cache-control
no-cache
content-length
141813
x-xss-protection
1; mode=block
expires
-1

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:01 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
location
https://www.trustwave.com/twblog-02-27-2018-10-34-58/assets/0/2147483660/2147483703/ccf1fa03-ad57-48a2-b9d0-325ae7118c6d.jpg/?v=0.0.1
cache-control
no-cache
content-length
256
x-xss-protection
1; mode=block
logo-trustwave-white.svg
www.trustwave.com/img/logo/
3 KB
3 KB
Image
General
Full URL
https://www.trustwave.com/img/logo/logo-trustwave-white.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b0f35cc025dc27ea345536d4eafc13e52fe2b1c237fd6c4150d4dbf85c323c27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:05:40 GMT
x-aspnet-version
etag
"0214d29dd8d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
2776
x-xss-protection
1; mode=block
linkedin.svg
www.trustwave.com/img/icon/social/svg/light/
636 B
681 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/light/linkedin.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
46647527924f0574eded74e7ef9a93d43044a47dcd1b11b9a203c0a9a8bb65e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:05:38 GMT
x-aspnet-version
etag
"0d5e2d09dd8d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
636
x-xss-protection
1; mode=block
twitter.svg
www.trustwave.com/img/icon/social/svg/light/
778 B
861 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/light/twitter.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4fb02286499439e694d9a4220d6ca3ab664b2ba4bdb699b9068aa8e6fd5528c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:05:38 GMT
x-aspnet-version
etag
"0d5e2d09dd8d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
778
x-xss-protection
1; mode=block
facebook.svg
www.trustwave.com/img/icon/social/svg/light/
446 B
487 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/light/facebook.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
64ed842d23dcee23e4cf9257dd18ce0066a76cd75108e7fc95f13a4a9b0e892c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:05:38 GMT
x-aspnet-version
etag
"0d5e2d09dd8d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
446
x-xss-protection
1; mode=block
youtube.svg
www.trustwave.com/img/icon/social/svg/light/
525 B
570 B
Image
General
Full URL
https://www.trustwave.com/img/icon/social/svg/light/youtube.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c750113ac663d3ae3adea8e042237ac1c5ea21f9ad1749efc357ea93acbc5d78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:05:38 GMT
x-aspnet-version
etag
"0d5e2d09dd8d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
525
x-xss-protection
1; mode=block
player.js
player.vimeo.com/api/
19 KB
7 KB
Script
General
Full URL
https://player.vimeo.com/api/player.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f49ed5154a95ba1e306ce12fe21fc83596bd55865a19a845a075d1a92738fbcd
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Varnish-Cache
0
Content-Security-Policy
default-src 'none'; style-src 'unsafe-inline'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1137
X-Cache
HIT
P3p
CP="This is not a P3P policy! See https://vimeo.com/privacy"
Connection
keep-alive
X-VServer
infra-playproxy-a-1
Content-Length
5869
X-Xss-Protection
1; mode=block
X-Served-By
cache-fra19180-FRA
X-Player-Backend
p
Expires
Sat, 09 Jan 2021 01:54:04 GMT
Server
nginx
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Timer
S1610156582.540757,VS0,VE0
Date
Sat, 09 Jan 2021 01:43:01 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/javascript;charset=utf-8
Via
1.1 varnish, 1.1 varnish
Vary
Accept-Encoding
X-Vimeo-DC
ge
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
X-Cache-Hits
174
scripts.min.js
www.trustwave.com/dist/js/
438 KB
177 KB
Script
General
Full URL
https://www.trustwave.com/dist/js/scripts.min.js?v=v34sa
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
df89cc53e851559fba691a5bcd450ca97d68738c4606dc14dd73b9d03b9aaa6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:04:50 GMT
x-aspnet-version
x-frame-options
SAMEORIGIN
etag
"09d46b49dd8d61:0"
vary
Accept-Encoding
content-type
application/x-javascript
date
Sat, 09 Jan 2021 01:43:01 GMT
accept-ranges
bytes
content-length
180643
x-xss-protection
1; mode=block
rum.js
www.atmrum.net/
301 B
587 B
Script
General
Full URL
https://www.atmrum.net/rum.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
80afdcdab5af95e11f8edac404947668a91582b9799723a8d5272483a010f23d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:01 GMT
x-content-type-options
nosniff
last-modified
Mon, 04 Jan 2021 19:34:40 GMT
x-msedge-ref
Ref A: AAE93E3FCDAE4610BF3F92A0C3C80ABB Ref B: FRAEDGE1206 Ref C: 2021-01-09T01:43:01Z
etag
0x8D4FC0223F2F653
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
X-MSEdge-Ref
cache-control
no-store
accept-ranges
bytes
timing-allow-origin
*
content-length
301
addthis_widget.js
s7.addthis.com/js/300/
353 KB
114 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.112 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-112.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
"5f971164-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
cache-control
public, max-age=600
date
Sat, 09 Jan 2021 01:43:01 GMT
x-host
s7.addthis.com
content-length
116325
munchkin.js
munchkin.marketo.net/154/
8 KB
4 KB
Script
General
Full URL
https://munchkin.marketo.net/154/munchkin.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.236.192 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-236-192.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 09 Jan 2021 01:43:01 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 May 2018 02:45:27 GMT
Server
AkamaiNetStorage
ETag
"808fc844032f646c32adce24553838be:1526611527"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
3700
Expires
Mon, 19 Apr 2021 01:43:01 GMT
5142c8f1-532c-427b-a545-0bcfe1f6f4ea.js
cookie-cdn.cookiepro.com/langswitch/
2 KB
1 KB
Script
General
Full URL
https://cookie-cdn.cookiepro.com/langswitch/5142c8f1-532c-427b-a545-0bcfe1f6f4ea.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9545498791418ba2847374815a974cc5bad7368ffb1df4c44c67d25027dd219e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Jan 2021 01:43:01 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
2Q95fkKCF+yYcVGygzYfBA==
age
6728
cf-request-id
078668bb440000178aeeb47000000001
x-ms-lease-status
unlocked
last-modified
Mon, 29 Apr 2019 14:20:09 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
6d211ec2-101e-0098-609d-b1182c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
cf-ray
60ea770baea9178a-FRA
1.css
fast.fonts.net/t/
0
110 B
Stylesheet
General
Full URL
https://fast.fonts.net/t/1.css?apiType=css&projectid=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by
Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/41AE) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:01 GMT
last-modified
Wed, 21 Feb 2018 12:55:22 GMT
server
ECS (fcn/41AE)
age
7324848
etag
"616070693"
x-cache
HIT
content-type
text/css
access-control-allow-origin
*
cache-control
no-cache
accept-ranges
bytes
content-length
0
expires
Sat, 09 Jan 2021 01:43:00 GMT
ai.0.js
az416426.vo.msecnd.net/scripts/a/
94 KB
22 KB
Script
General
Full URL
https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FA5) /
Resource Hash
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Jan 2021 01:43:01 GMT
content-encoding
gzip
x-ms-meta-lastmodified
2020-10-01 19:31:04
content-md5
HdY95yzx9wIyQkVEGES+Ew==
age
1436
x-cache
HIT
content-length
22495
x-ms-lease-status
unlocked
last-modified
Fri, 23 Oct 2020 22:12:59 GMT
server
ECAcc (frc/8FA5)
etag
0x8D877A0CD108633
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
836e59ec-b01e-0029-3925-e6a912000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800
x-ms-version
2009-09-19
expires
Sat, 09 Jan 2021 02:13:01 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/
334 KB
131 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fb3b275e8321c2c87095a4f4f0fd89fbbbdbe07e6fd5191c4c8ccabfc21692fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.trustwave.com
Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:35:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
474
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133916
x-xss-protection
0
last-modified
Sun, 06 Dec 2020 23:05:51 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 09 Jan 2022 01:35:07 GMT
63414b969e6787641dc91084b6f18b91fbc35a81.png
trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/
Redirect Chain
  • https://www.trustwave.com/media/16992/reprint_the-forrester-wave_global-managed-security-services-providers_q3-2020-cover.png?anchor=center&mode=crop&width=400&rnd=132404200250000000
  • https://trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/63414b969e6787641dc91084b6f18b91fbc35a81.png
81 KB
82 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/63414b969e6787641dc91084b6f18b91fbc35a81.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
44f60c08d39f76681af5e1eada34c18b7754a089f1403eea70c86c56c171a425

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:03 GMT
Last-Modified
Tue, 28 Jul 2020 14:27:48 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
OXk1n/bqvmijIZPuBQ7LaQ==
ETag
0x8D8330266F08072
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
40bcb56c-f01e-00a1-5b28-e62375000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
82963

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/6/3/4/1/4/b/63414b969e6787641dc91084b6f18b91fbc35a81.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/
Redirect Chain
  • https://www.trustwave.com/media/16795/once-future-cover-image.png?anchor=center&mode=crop&width=400&rnd=132344863110000000
  • https://trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
26 KB
27 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
c99841b9fa07daa705c029caca740cbd2d8c4b53b07c5b7999e7fe7da91e6670

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:03 GMT
Last-Modified
Wed, 20 May 2020 22:13:32 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
af88Lml3DW25n2ABu8zXOw==
ETag
0x8D7FD0B08C41D31
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
14a49907-101e-00c6-7b28-e690d2000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
26903

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/d/c/7/c/7/7/dc7c77f38e04362a6e2e5af76bdc5e200832731d.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/
Redirect Chain
  • https://www.trustwave.com/media/16254/the-underground-economy-cover.png?anchor=center&mode=crop&width=400&rnd=132094902880000000
  • https://trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
276 KB
277 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
19a5abc3ee71d9689286163dd786564ab2d59a118563fc140e62fa96d0d386df

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:02 GMT
Last-Modified
Tue, 04 Aug 2020 14:54:14 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
2nJMTgekKPiIq9CgmTKqrg==
ETag
0x8D83886411BDC9F
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
5c4c2076-b01e-014c-5528-e66ca4000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
282667

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/e/a/e/4/5/f/eae45f0f73517fa27ea5b5fa0cf439363e4a4cc2.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
5a6834a869db6f970c8f090a022f77a1c482c6a8.png
trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/
Redirect Chain
  • https://www.trustwave.com/media/16414/cyber-multicloud-ebook-cover-image.png?anchor=center&mode=crop&width=400&rnd=132176020710000000
  • https://trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/5a6834a869db6f970c8f090a022f77a1c482c6a8.png
53 KB
54 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/5a6834a869db6f970c8f090a022f77a1c482c6a8.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
049bf83ad4e353fb4bce7d9fff2ba6b0996aa1a8bbdba76ca83a2ee78c887687

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:02 GMT
Last-Modified
Fri, 06 Nov 2020 12:23:38 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
7yCcZEg8vp+Cqn2BqP21Mw==
ETag
0x8D8824ECA31B220
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
5c4c1f54-b01e-014c-5928-e66ca4000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
54413

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:02 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/5/a/6/8/3/4/5a6834a869db6f970c8f090a022f77a1c482c6a8.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/
Redirect Chain
  • https://www.trustwave.com/media/15106/ierr37pw.png?anchor=center&mode=crop&width=400&rnd=131992175790000000
  • https://trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
142 KB
143 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
2e45a8996ec5c8b3fce4c3f71fc56ef806673998113d09c32f73c7a3d6efdb38

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:02 GMT
Last-Modified
Tue, 07 Apr 2020 18:45:01 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
5UtgQThYJzYHnzR2krDd3w==
ETag
0x8D7DB23C7529E1A
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
40bcb367-f01e-00a1-7928-e62375000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
145855

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:02 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/9/5/b/0/d/f/95b0df699cb216066e4e2043e54a3680a0fb2a3c.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/
Redirect Chain
  • https://www.trustwave.com/media/7356/7145.jpg?anchor=center&mode=crop&width=400&rnd=131644845120000000
  • https://trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
32 KB
32 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
14da1d6311764bee490145f7909d480858b94fc01c6ba2b5d8c112feabe53a99

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:03 GMT
Last-Modified
Wed, 29 Jan 2020 22:23:46 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
wcV8714ZrmJmS6VqXbqxbQ==
ETag
0x8D7A509E865C6AD
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
48b9e395-f01e-0088-5928-e65537000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
32269

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/5/5/a/e/2/8/55ae28c467881ce9b68f44a5b34fafb48aaab9ba.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/
Redirect Chain
  • https://www.trustwave.com/media/16657/gartner-mdr-cover.png?anchor=center&mode=crop&width=400&rnd=132308413190000000
  • https://trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
39 KB
40 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
6fbc9436bf1ea8e9568562182031024ae2960a3c3dfdd706ccec19c0fb04b445

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:03 GMT
Last-Modified
Wed, 08 Apr 2020 17:55:20 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
wPZ3WeOl75NahAH1egrikg==
ETag
0x8D7DBE6013FC4E5
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
ceb29d82-d01e-0017-1228-e62d8d000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
40008

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/3/b/7/b/a/6/3b7ba697d08de6c964b83f21b9a1a75ed153fd24.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
4ada81588dcfb839b624614ec9cf5df23d7d7ed0.jpg
trustwave.blob.core.windows.net/cache/4/a/d/a/8/1/
Redirect Chain
  • https://www.trustwave.com/media/17576/solarwindsblog-bogheader.jpg?anchor=center&mode=crop&width=400&rnd=132545138790000000
  • https://trustwave.blob.core.windows.net/cache/4/a/d/a/8/1/4ada81588dcfb839b624614ec9cf5df23d7d7ed0.jpg
33 KB
33 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/4/a/d/a/8/1/4ada81588dcfb839b624614ec9cf5df23d7d7ed0.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
36947eb4d18c07f8d6737cd5a2aabbaf2f437802f7aa46eb307c001d6ed3d240

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:03 GMT
Last-Modified
Thu, 07 Jan 2021 17:35:08 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
cprKyp9tm+iOdhnfdyNHxQ==
ETag
0x8D8B33293DFC3A0
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
baa0aefe-f01e-0162-5228-e6ec63000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
33741

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/4/a/d/a/8/1/4ada81588dcfb839b624614ec9cf5df23d7d7ed0.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/
Redirect Chain
  • https://www.trustwave.com/media/15279/sl-blog-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897042940000000
  • https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
9 KB
10 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
9998a28912966aa8ae78c7bae4b70bce32095ac4cafb972428f96c60bf374a98

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:02 GMT
Last-Modified
Wed, 29 Jan 2020 22:23:46 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
MsdJ7/i6e4BXG2Gh7eeTmQ==
ETag
0x8D7A509E865C6AD
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
40bcb4e5-f01e-00a1-5e28-e62375000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
9529

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/a/8/c/4/4/3/a8c4434c70c4e1e6102f99b8fa9d52122c530944.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
4c5c22a66b8e0b826975bb124626e6bf298ed0a5.jpg
trustwave.blob.core.windows.net/cache/4/c/5/c/2/2/
Redirect Chain
  • https://www.trustwave.com/media/17557/sl-comic-book-cover.jpg?anchor=center&mode=crop&width=400&rnd=132542557620000000
  • https://trustwave.blob.core.windows.net/cache/4/c/5/c/2/2/4c5c22a66b8e0b826975bb124626e6bf298ed0a5.jpg
68 KB
69 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/4/c/5/c/2/2/4c5c22a66b8e0b826975bb124626e6bf298ed0a5.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e4378d2d425267b1e80c87f65643a62786b4a4540d167d661990917295795fb2

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:02 GMT
Last-Modified
Mon, 04 Jan 2021 20:51:09 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
1FRnmD2PQCY+15b6r+q+2g==
ETag
0x8D8B0F276A9F494
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
ceb29c9d-d01e-0017-4828-e62d8d000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
69804

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:02 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/4/c/5/c/2/2/4c5c22a66b8e0b826975bb124626e6bf298ed0a5.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
06afafc72bd6d274723e1e23b9b2d3b1aaa18f61.png
trustwave.blob.core.windows.net/cache/0/6/a/f/a/f/
Redirect Chain
  • https://www.trustwave.com/media/17186/adp-softwave_cover.png?anchor=center&mode=crop&width=400&rnd=132448500440000000
  • https://trustwave.blob.core.windows.net/cache/0/6/a/f/a/f/06afafc72bd6d274723e1e23b9b2d3b1aaa18f61.png
16 KB
17 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/0/6/a/f/a/f/06afafc72bd6d274723e1e23b9b2d3b1aaa18f61.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
030c1e4eced902d0d6d3215f8f9078ba504b61c697b931fd9829887a9075d126

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:03 GMT
Last-Modified
Thu, 17 Sep 2020 21:04:03 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
PXcEN3gAVUErtmdW6IDHcA==
ETag
0x8D85B4D3539C967
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/png
x-ms-request-id
14a4985f-101e-00c6-5d28-e690d2000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
16601

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/0/6/a/f/a/f/06afafc72bd6d274723e1e23b9b2d3b1aaa18f61.png
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
738329860831758fdafe0f4582244df007b5ff45.jpg
trustwave.blob.core.windows.net/cache/7/3/8/3/2/9/
Redirect Chain
  • https://www.trustwave.com/media/17580/domoreless-webinar-cover.jpg?anchor=center&mode=crop&width=400&rnd=132546176510000000
  • https://trustwave.blob.core.windows.net/cache/7/3/8/3/2/9/738329860831758fdafe0f4582244df007b5ff45.jpg
15 KB
15 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/7/3/8/3/2/9/738329860831758fdafe0f4582244df007b5ff45.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
09cb7c24162226b1553b1f04bd38668e8c99efd60a3d137d926a3e2a81d72624

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:03 GMT
Last-Modified
Fri, 08 Jan 2021 22:40:09 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
BC1M+EolCudwzfkeKYMe3A==
ETag
0x8D8B4265AD1E96B
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
ceb29dcc-d01e-0017-5228-e62d8d000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
15345

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/7/3/8/3/2/9/738329860831758fdafe0f4582244df007b5ff45.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
ca9bd654e20f7b475aa14e7be7674494ddfd2651.jpg
trustwave.blob.core.windows.net/cache/c/a/9/b/d/6/
Redirect Chain
  • https://www.trustwave.com/media/17578/preparecmmc-webinar-cover.jpg?anchor=center&mode=crop&width=400&rnd=132546173740000000
  • https://trustwave.blob.core.windows.net/cache/c/a/9/b/d/6/ca9bd654e20f7b475aa14e7be7674494ddfd2651.jpg
17 KB
17 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/c/a/9/b/d/6/ca9bd654e20f7b475aa14e7be7674494ddfd2651.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
d7a1954d04eeb5f94c84beeb0038438d45e603c462ab11cc4affbf3ed4198de5

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:02 GMT
Last-Modified
Fri, 08 Jan 2021 22:10:55 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
V9Z34mSWm7yuluEBO2wbyg==
ETag
0x8D8B4224524B5EA
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
5c4c1ffc-b01e-014c-6c28-e66ca4000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
16944

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/c/a/9/b/d/6/ca9bd654e20f7b475aa14e7be7674494ddfd2651.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
logo-trustwave-25-ver-white.png
www.trustwave.com/media/17452/
9 KB
9 KB
Image
General
Full URL
https://www.trustwave.com/media/17452/logo-trustwave-25-ver-white.png
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8fdceff414f9b7f984ec9a14c5a75a30c9311a076324d3d7fb08c611c479ebc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public, must-revalidate, max-age=31536000
accept-ranges
bytes
vary
Accept-Encoding
content-length
8874
x-xss-protection
1; mode=block
expires
Sun, 09 Jan 2022 01:43:02 GMT
9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/
Redirect Chain
  • https://www.trustwave.com/media/15280/news-release-default-image.jpg?anchor=center&mode=crop&width=400&rnd=131897043050000000
  • https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
8 KB
9 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
cb8fd428f0d96267a4df07e3603d7e9fc4f424096eec1923269d49efa9f31dbb

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:02 GMT
Last-Modified
Wed, 29 Jan 2020 22:23:46 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
YYg1/108u00f4mbVmhIfVw==
ETag
0x8D7A509E868AD64
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
5c4c2039-b01e-014c-2528-e66ca4000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
8271

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/9/4/4/9/0/5/9449054b6e599d2c6ae326fc940e1718f740d84d.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
loading-white.svg
www.trustwave.com/img/utility/
687 B
732 B
Image
General
Full URL
https://www.trustwave.com/img/utility/loading-white.svg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4d84802c2cc3550892199289d28a046c4e1d011964c7c7f9d43bdeebecf107de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:05:40 GMT
x-aspnet-version
etag
"0214d29dd8d61:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
687
x-xss-protection
1; mode=block
phishing_blog_header.jpg
trustwave.azureedge.net/media/14536/
69 KB
69 KB
Image
General
Full URL
https://trustwave.azureedge.net/media/14536/phishing_blog_header.jpg?rnd=131992173230000000
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba20 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e505f53c1b66a61a70a54a435b718f629cb56dbb213f7de466bc850aac548f0f

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Sat, 09 Jan 2021 01:43:01 GMT
content-encoding
gzip
last-modified
Wed, 31 Oct 2018 19:04:47 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
UWjhRxNY4hmXBufI7I1oCw==
etag
0x8D63F63BA351B50
vary
Accept-Encoding
content-type
image/jpeg
x-ms-request-id
8dbcb28d-601e-0063-4ce4-e5abcb000000
cache-control
public, max-age=31506746
x-ms-version
2009-09-19
x-ms-meta-createddate
10/31/2018 19:04:47 +00:00
content-length
70528
9ba90769335931364c049107b68b1e1cbd6d58ed.jpg
trustwave.blob.core.windows.net/cache/9/b/a/9/0/7/
Redirect Chain
  • https://www.trustwave.com/media/17573/cmmcnewyear-bogheader.jpg?anchor=center&mode=crop&width=400&rnd=132544539210000000
  • https://trustwave.blob.core.windows.net/cache/9/b/a/9/0/7/9ba90769335931364c049107b68b1e1cbd6d58ed.jpg
26 KB
26 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/9/b/a/9/0/7/9ba90769335931364c049107b68b1e1cbd6d58ed.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
7a3f348fd1b6f46440fcf501babc3023c4efff9264bb7ad70b9adf6d250bf6d0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:03 GMT
Last-Modified
Thu, 07 Jan 2021 00:51:59 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
09bf4OJs0Ia0EJYwDjPh1Q==
ETag
0x8D8B2A6706FEA30
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
48b9e488-f01e-0088-3c28-e65537000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
26114

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/9/b/a/9/0/7/9ba90769335931364c049107b68b1e1cbd6d58ed.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
67d82579a40168c3825c9de0ad001a8f2b518d1e.jpg
trustwave.blob.core.windows.net/cache/6/7/d/8/2/5/
Redirect Chain
  • https://www.trustwave.com/media/16499/blog-header.jpg?anchor=center&mode=crop&width=400&rnd=132228204620000000
  • https://trustwave.blob.core.windows.net/cache/6/7/d/8/2/5/67d82579a40168c3825c9de0ad001a8f2b518d1e.jpg
30 KB
30 KB
Image
General
Full URL
https://trustwave.blob.core.windows.net/cache/6/7/d/8/2/5/67d82579a40168c3825c9de0ad001a8f2b518d1e.jpg
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.152.234 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
a7ef375437c9eb8d4e7910bb2099eb146a59c82b60b696bd63d79155792118cf

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 09 Jan 2021 01:43:03 GMT
Last-Modified
Wed, 06 Jan 2021 11:50:11 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
kqwNdK+tnmMA4xAefIL41w==
ETag
0x8D8B2393914F03E
x-ms-meta-ImageProcessedBy
ImageProcessor.Web/4.10.0.100
Content-Type
image/jpeg
x-ms-request-id
ceb29e2c-d01e-0017-2928-e62d8d000000
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Content-Length
30381

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
location
https://trustwave.blob.core.windows.net/cache/6/7/d/8/2/5/67d82579a40168c3825c9de0ad001a8f2b518d1e.jpg
cache-control
no-cache
content-length
219
x-xss-protection
1; mode=block
MaterialIcons-Regular.woff2
www.trustwave.com/fonts/material-icons/
43 KB
43 KB
Font
General
Full URL
https://www.trustwave.com/fonts/material-icons/MaterialIcons-Regular.woff2
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a87d66c91b2e7dc5530aef76c03bd6a3d25ea5826110bf4803b561b811cc8726
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.trustwave.com
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:04:50 GMT
x-aspnet-version
etag
"09d46b49dd8d61:0"
x-frame-options
SAMEORIGIN
content-type
application/x-font-woff2
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
44300
x-xss-protection
1; mode=block
KFOmCnqEu92Fr1Mu4mxP.ttf
fonts.gstatic.com/s/roboto/v20/
35 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxP.ttf
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0b1d7f87f3ca4c8b4bd749b02b6ad71c930b7e306c752a2e2293d7b250b02e27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.trustwave.com
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 05 Jan 2021 13:47:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
302155
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20742
x-xss-protection
0
last-modified
Wed, 24 Jul 2019 01:18:36 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 05 Jan 2022 13:47:06 GMT
KFOlCnqEu92Fr1MmEU9fBBc9.ttf
fonts.gstatic.com/s/roboto/v20/
36 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc9.ttf
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
719df7954428f52779f3fa18641c19fc854b39394193d87eea5a61795dec8dbe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.trustwave.com
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 06 Jan 2021 12:44:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
219536
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20908
x-xss-protection
0
last-modified
Wed, 24 Jul 2019 01:18:36 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Jan 2022 12:44:05 GMT
KFOlCnqEu92Fr1MmWUlfBBc9.ttf
fonts.gstatic.com/s/roboto/v20/
35 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc9.ttf
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a637d3ff767789f9b113bbfa208bdb6a76efed7c4c111da2a130f6a38a51d353
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.trustwave.com
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 05 Jan 2021 21:05:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
275840
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20796
x-xss-protection
0
last-modified
Wed, 24 Jul 2019 01:18:59 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 05 Jan 2022 21:05:41 GMT
d9dabe05-624c-4f28-8eee-b3b6f1841abf.woff2
fast.fonts.net/dv2/14/
20 KB
20 KB
Font
General
Full URL
https://fast.fonts.net/dv2/14/d9dabe05-624c-4f28-8eee-b3b6f1841abf.woff2?d44f19a684109620e4841470a190e8187da2675ee4d21384fcc31c18ab36cd3000b30c7b2714554b2fa45c7114a369ae46a92d2cbcc413b53d0101698114ce8d7e74e9017f28ef808677fbf0b28df9dd5c148045f073a59c253d54554cb37ea9&projectId=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by
Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/4193) /
Resource Hash
f422b8961953524e333d562521c3b4e0a2ed33da87079bd92c08ec4389372358

Request headers

Origin
https://www.trustwave.com
Referer
https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:01 GMT
last-modified
Fri, 05 Dec 2014 01:40:36 GMT
server
ECS (fcn/4193)
age
30789630
etag
"2369653874"
x-cache
HIT
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
content-length
20472
expires
Fri, 09 Apr 2021 01:43:01 GMT
KFOlCnqEu92Fr1MmSU5fBBc9.ttf
fonts.gstatic.com/s/roboto/v20/
35 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc9.ttf
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b4c96f55c265e0a80be4243a16f7e88b9a67c85b71b4e2aa8cea4e1aa989b0d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.trustwave.com
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 07 Jan 2021 16:12:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120654
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20827
x-xss-protection
0
last-modified
Wed, 24 Jul 2019 01:18:53 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 07 Jan 2022 16:12:07 GMT
71e645d2-276d-4568-b9e4-e215b8e5b24f.woff2
fast.fonts.net/dv2/14/
20 KB
20 KB
Font
General
Full URL
https://fast.fonts.net/dv2/14/71e645d2-276d-4568-b9e4-e215b8e5b24f.woff2?d44f19a684109620e4841470a190e8187da2675ee4d21384fcc31c18ab36cd3000b30c7b2714554b2fa45c7114a369ae46a92d2cbcc413b53d0101698114ce8d7e74e9017f28ef808677fbf0b28df9dd5c148045f073a59c253d54554cb37ea9&projectId=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by
Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40E7) /
Resource Hash
bd1f1f47a863ac3be54dab002af884683776e666b68d50ec7641ca732991d54f

Request headers

Origin
https://www.trustwave.com
Referer
https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:01 GMT
last-modified
Fri, 05 Dec 2014 01:42:38 GMT
server
ECS (fcn/40E7)
age
14714351
etag
"2674825278"
x-cache
HIT
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
content-length
20080
expires
Fri, 09 Apr 2021 01:43:01 GMT
KFOkCnqEu92Fr1Mu51xIIzc.ttf
fonts.gstatic.com/s/roboto/v20/
37 KB
37 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1Mu51xIIzc.ttf
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0dfa4684ad9c52a1a97d91764ef1d404c15dd95ed20f00a2f9f3f4d11df2abf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.trustwave.com
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 06 Jan 2021 15:39:34 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:19:00 GMT
server
sffe
age
209007
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37500
x-xss-protection
0
expires
Thu, 06 Jan 2022 15:39:34 GMT
KFOjCnqEu92Fr1Mu51TjASc6CsE.ttf
fonts.gstatic.com/s/roboto/v20/
37 KB
22 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TjASc6CsE.ttf
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/dist/css/styles.min.css?v=33sa
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c295fdce6562d5cdba48677d07e280fddbb67d605c41861f765ce1ea79c5e697
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.trustwave.com
Referer
https://www.trustwave.com/dist/css/styles.min.css?v=33sa
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 07 Jan 2021 09:45:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143831
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22525
x-xss-protection
0
last-modified
Wed, 24 Jul 2019 01:18:38 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 07 Jan 2022 09:45:50 GMT
13012335-73ef-44f0-b295-7b83041355af.woff2
fast.fonts.net/dv2/14/
20 KB
20 KB
Font
General
Full URL
https://fast.fonts.net/dv2/14/13012335-73ef-44f0-b295-7b83041355af.woff2?d44f19a684109620e4841470a190e8187da2675ee4d21384fcc31c18ab36cd3000b30c7b2714554b2fa45c7114a369ae46a92d2cbcc413b53d0101698114ce8d7e74e9017f28ef808677fbf0b28df9dd5c148045f073a59c253d54554cb37ea9&projectId=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by
Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40D0) /
Resource Hash
bffa1e3e1ea23f3748a43fdbe0241391b148e47c6c9157e281d833d41f046244

Request headers

Origin
https://www.trustwave.com
Referer
https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:01 GMT
last-modified
Fri, 05 Dec 2014 01:36:16 GMT
server
ECS (fcn/40D0)
age
14254317
etag
"2421989041"
x-cache
HIT
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
content-length
20576
expires
Fri, 09 Apr 2021 01:43:01 GMT
52be0694-00c1-4daa-8782-419021c48e95.woff2
fast.fonts.net/dv2/14/
20 KB
20 KB
Font
General
Full URL
https://fast.fonts.net/dv2/14/52be0694-00c1-4daa-8782-419021c48e95.woff2?d44f19a684109620e4841470a190e8187da2675ee4d21384fcc31c18ab36cd3000b30c7b2714554b2fa45c7114a369ae46a92d2cbcc413b53d0101698114ce8d7e74e9017f28ef808677fbf0b28df9dd5c148045f073a59c253d54554cb37ea9&projectId=9c85e15b-99ed-40a4-929d-2262f9ed2706
Requested by
Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/418C) /
Resource Hash
34ede3e0ed28152b38a721fd42c348162e01e6e53fd526b80e385c095b2b4082

Request headers

Origin
https://www.trustwave.com
Referer
https://fast.fonts.net/cssapi/9c85e15b-99ed-40a4-929d-2262f9ed2706.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:01 GMT
last-modified
Fri, 05 Dec 2014 01:27:43 GMT
server
ECS (fcn/418C)
age
18075014
etag
"3413759195"
x-cache
HIT
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=7776000
accept-ranges
bytes
content-length
20524
expires
Fri, 09 Apr 2021 01:43:01 GMT
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
680
date
Sat, 09 Jan 2021 01:31:41 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Sat, 09 Jan 2021 03:31:41 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
4 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 09 Jan 2021 01:43:01 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Jan 2021 22:14:03 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=40150
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1855
hotjar-1372211.js
static.hotjar.com/c/
6 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1372211.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.94.98 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-94-98.zrh50.r.cloudfront.net
Software
/
Resource Hash
fc477ecd5ea698241b07911a3702041e0cc88f7ef19970526182f38690f34787
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:02 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
x-amz-cf-pop
ZRH50-C1
etag
W/e8b019a85f90b50c155d8148ecd90cd3
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
access-control-allow-origin
*
x-cache-hit
1
x-amz-cf-id
Ee_pONDs3rKcoi9FgUjqHZZSE8hJpGY4_XnT1_TOlPhma6OhBtKusQ==
via
1.1 a06cb72e779e366fcd004926eacd5b85.cloudfront.net (CloudFront)
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:01 GMT
via
1.1 varnish
last-modified
Fri, 04 Dec 2020 00:21:46 GMT
age
3135
etag
"cbc512946c8abb461c6215ed5b454e5f+gzip"
vary
Accept-Encoding,Host
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding
gzip
cache-control
no-cache
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
1957
x-timer
S1610156582.966167,VS0,VE0
x-served-by
cache-hhn11561-HHN
conversion_async.js
www.googleadservices.com/pagead/
30 KB
12 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s18-in-f98.1e100.net
Software
cafe /
Resource Hash
e1ec254792b6fe5cb168d2ce9cb1e35d15311d3b357b305a95cbfb12552477d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
12175
x-xss-protection
0
server
cafe
etag
17536051821503146167
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 09 Jan 2021 01:43:01 GMT
activityi;dc_pre=CNuc59jcje4CFcKkdwodzSMH0A;src=10419288;type=trust0;cat=trust0;ord=2735165736059;gtm=2wgbu0;auiddc=683582521.1610156582;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblo...
10419288.fls.doubleclick.net/ Frame 1E19
Redirect Chain
  • https://10419288.fls.doubleclick.net/activityi;src=10419288;type=trust0;cat=trust0;ord=2735165736059;gtm=2wgbu0;auiddc=683582521.1610156582;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2F...
  • https://10419288.fls.doubleclick.net/activityi;dc_pre=CNuc59jcje4CFcKkdwodzSMH0A;src=10419288;type=trust0;cat=trust0;ord=2735165736059;gtm=2wgbu0;auiddc=683582521.1610156582;u1=https%3A%2F%2Fwww.tr...
0
0
Document
General
Full URL
https://10419288.fls.doubleclick.net/activityi;dc_pre=CNuc59jcje4CFcKkdwodzSMH0A;src=10419288;type=trust0;cat=trust0;ord=2735165736059;gtm=2wgbu0;auiddc=683582521.1610156582;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.18.6 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra02s19-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
10419288.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CNuc59jcje4CFcKkdwodzSMH0A;src=10419288;type=trust0;cat=trust0;ord=2735165736059;gtm=2wgbu0;auiddc=683582521.1610156582;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
about:blank

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Sat, 09 Jan 2021 01:43:01 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
468
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Sat, 09-Jan-2021 01:58:01 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Sat, 09 Jan 2021 01:43:01 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://10419288.fls.doubleclick.net/activityi;dc_pre=CNuc59jcje4CFcKkdwodzSMH0A;src=10419288;type=trust0;cat=trust0;ord=2735165736059;gtm=2wgbu0;auiddc=683582521.1610156582;u1=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F;~oref=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
fbevents.js
connect.facebook.net/en_US/
90 KB
23 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: aia-microsoftonline.com
URL: https://aia-microsoftonline.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a8755954660f9bef43d2dc61d725f022a3115b81ae76a6af093ab18cfdfa5de7
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
23366
x-fb-rlafr
0
pragma
public
x-fb-debug
jqDyDirxc8QFfm7CWGGTRsNQbojEEl1S1+Y+Ftb4rZ799JKBmwEfZJb4f+Wf5RBcFBzSigy9gTJKB5UJS5YLGA==
x-fb-trip-id
1814657579
x-frame-options
DENY
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Sat, 09 Jan 2021 01:43:01 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.google-analytics.com/gtm/
87 KB
35 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-5B38B7F&t=gtm2&cid=1553935241.1610156582
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
853f3d9316639e0e05e118dfdbc49c264b09ef48bae84128961f7b5d235648a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:01 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35216
x-xss-protection
0
expires
Sat, 09 Jan 2021 01:43:01 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1610156581970&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D70652%26time%3D1610156581970%26url%3Dhttps%253A%252F%252Fwww.trustwave.com%252Fen...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1610156581970&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished...
0
58 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1610156581970&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F&liSync=true
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:02 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
xQVXeuFsWBawJQ1BNCsAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options
nosniff
linkedin-action
1
content-length
0
x-li-uuid
mDyfcuFsWBYALCx4qyoAAA==
pragma
no-cache
x-li-pop
afd-prod-esv5
x-msedge-ref
Ref A: CA1378DF3EC94398ACF9DE2FCC73A415 Ref B: FRAEDGE1214 Ref C: 2021-01-09T01:43:02Z
x-frame-options
sameorigin
date
Sat, 09 Jan 2021 01:43:01 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=70652&time=1610156581970&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/494613180/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/494613180/?random=1610156581973&cv=9&fst=1610156581973&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgbu0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F&ref=https%3A%2F%2Faia-microsoftonline.com%2F&tiba=What%20to%20Do%20When%20You%E2%80%98re%20Getting%20Phished%20but%20Have%20No%20Idea%20Because%20It%20Looks%20Totally%20Authentic%20%7C%20Trustwave%20Blog%20%7C%20Trustwave&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e6658cc2601f96e4dc34a0ffc946c3d6da3ed764f33c1c83523fce4ab9ea634c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Jan 2021 01:43:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1175
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adsct
t.co/i/
43 B
449 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=o4ya5&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
124
pragma
no-cache
last-modified
Sat, 09 Jan 2021 01:43:02 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
542cf886580c1ca489e43f6a30fd4481
x-transaction
002ff45600b77657
expires
Tue, 31 Mar 1981 05:00:00 GMT
657537318161329
connect.facebook.net/signals/config/
240 KB
69 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/657537318161329?v=2.9.32&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23ad3b50915e22bf709e6925164dab8ffb4e9af8b2a48ea1cbe1a661a67690d
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr
0
pragma
public
x-fb-debug
bAaZphaQ0uhIhvhyj0z8ZVGKrJS6kcy55oF2/o7MKqnP7UitUcyLGdB1S3coRmvIFcrkLYpKYvxBaDPwvUL3Lg==
x-fb-trip-id
1814657579
x-frame-options
DENY
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Sat, 09 Jan 2021 01:43:02 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-content-id
151101262
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/494613180/
42 B
375 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/494613180/?random=1610156581973&cv=9&fst=1610154000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgbu0&sendb=1&frm=0&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F&ref=https%3A%2F%2Faia-microsoftonline.com%2F&tiba=What%20to%20Do%20When%20You%E2%80%98re%20Getting%20Phished%20but%20Have%20No%20Idea%20Because%20It%20Looks%20Totally%20Authentic%20%7C%20Trustwave%20Blog%20%7C%20Trustwave&async=1&fmt=3&is_vtc=1&random=3143930829&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:815::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Jan 2021 01:43:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/494613180/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/494613180/?random=1610156581973&cv=9&fst=1610154000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgbu0&sendb=1&frm=0&url=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F&ref=https%3A%2F%2Faia-microsoftonline.com%2F&tiba=What%20to%20Do%20When%20You%E2%80%98re%20Getting%20Phished%20but%20Have%20No%20Idea%20Because%20It%20Looks%20Totally%20Authentic%20%7C%20Trustwave%20Blog%20%7C%20Trustwave&async=1&fmt=3&is_vtc=1&random=3143930829&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Jan 2021 01:43:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
2 B
70 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=439860117&t=pageview&_s=1&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F&dr=https%3A%2F%2Faia-microsoftonline.com%2F&ul=en-us&de=UTF-8&dt=What%20to%20Do%20When%20You%E2%80%98re%20Getting%20Phished%20but%20Have%20No%20Idea%20Because%20It%20Looks%20Totally%20Authentic%20%7C%20Trustwave%20Blog%20%7C%20Trustwave&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEADQAAAAC~&jid=2107129934&gjid=1083897008&cid=1553935241.1610156582&tid=UA-123880220-1&_gid=202418125.1610156582&_r=1&gtm=2wgbu054M2ZJN&z=1209218048
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Jan 2021 01:43:02 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.trustwave.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
90 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-123880220-1&cid=1553935241.1610156582&jid=2107129934&gjid=1083897008&_gid=202418125.1610156582&_u=aGDAAEACQAAAAC~&z=880165907
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c04::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 09 Jan 2021 01:43:02 GMT
content-type
text/plain
access-control-allow-origin
https://www.trustwave.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
65 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-123880220-1&cid=1553935241.1610156582&jid=2107129934&_u=aGDAAEACQAAAAC~&z=1381316173
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:815::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Jan 2021 01:43:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
88 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-123880220-1&cid=1553935241.1610156582&jid=2107129934&_u=aGDAAEACQAAAAC~&z=1381316173
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Jan 2021 01:43:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
modules.9a7681f2864b86bb700a.js
script.hotjar.com/
223 KB
59 KB
Script
General
Full URL
https://script.hotjar.com/modules.9a7681f2864b86bb700a.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1372211.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.94.39 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-94-39.zrh50.r.cloudfront.net
Software
/
Resource Hash
98cda42abefd73a296ddf0d07c8d34838e45a104bbc3fec3a5d06e6e3baf0793
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 08 Jan 2021 15:21:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
37317
x-cache
Hit from cloudfront
content-length
59766
access-control-allow-origin
*
last-modified
Fri, 08 Jan 2021 15:19:16 GMT
etag
"f5ea4f1b6e11ea553c87c5ce99d0ca9d"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
hCObrCzWCJcOSO1THDbNB_wZ6qI2eZj3uHI_q43qbxd9EfANhxBDtg==
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/dist/js/scripts.min.js?v=v34sa
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.236.192 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-236-192.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 09 Jan 2021 01:43:02 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Aug 2020 03:11:00 GMT
Server
AkamaiNetStorage
ETag
"a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
fpv2.min.js
www.atmrum.net/client/v1/atm/
3 KB
3 KB
Script
General
Full URL
https://www.atmrum.net/client/v1/atm/fpv2.min.js
Requested by
Host: www.atmrum.net
URL: https://www.atmrum.net/rum.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
32ea28e4cc9fb2662d406bc5e859f774b58f927861c31864c33cb81aa8263aac
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:02 GMT
x-content-type-options
nosniff
last-modified
Mon, 04 Jan 2021 19:34:40 GMT
x-msedge-ref
Ref A: 529F6F2F5C4D4738BF51C434F5AB5CD8 Ref B: FRAEDGE1206 Ref C: 2021-01-09T01:43:02Z
etag
0x8D501F7AFB7338D
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
X-MSEdge-Ref
cache-control
no-store
accept-ranges
bytes
timing-allow-origin
*
content-length
2983
moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:02 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
D5503D14AA2F06AA
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=47402
accept-ranges
bytes
content-length
948
x-amz-id-2
JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=
d22d5d9f-dee9-4eea-bf38-6b6ef609199b.js
cookie-cdn.cookiepro.com/consent/
69 KB
16 KB
Script
General
Full URL
https://cookie-cdn.cookiepro.com/consent/d22d5d9f-dee9-4eea-bf38-6b6ef609199b.js
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/langswitch/5142c8f1-532c-427b-a545-0bcfe1f6f4ea.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c3bfab00f5e70133e4daafbd95aea46f572bbcf33335ee75b9f2240742c7982
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Jan 2021 01:43:02 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
tokLCuVTsBOR85IgoPx1iA==
age
6725
cf-request-id
078668bd360000178ab5bde000000001
x-ms-lease-status
unlocked
last-modified
Mon, 29 Apr 2019 14:20:11 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
93543ce0-f01e-0016-26fb-b3ce9a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
cf-ray
60ea770eb90a178a-FRA
adsct
analytics.twitter.com/i/
31 B
652 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=o4ya5&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
57
x-xss-protection
0
x-response-time
162
pragma
no-cache
last-modified
Sat, 09 Jan 2021 01:43:02 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
42f2a274e1172093496a80b443701c30
x-transaction
00f9eeb40021ce34
expires
Tue, 31 Mar 1981 05:00:00 GMT
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-5286e9523a723348/
166 B
325 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-5286e9523a723348/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.112 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-112.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:02 GMT
content-encoding
gzip
etag
659743217
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
public, max-age=55, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
154
300lo.json
m.addthis.com/live/red_lojson/
89 B
249 B
Script
General
Full URL
https://m.addthis.com/live/red_lojson/300lo.json?si=5ff90a268936ba7d&bkl=0&bl=1&pdt=1593&sid=5ff90a268936ba7d&pub=ra-5286e9523a723348&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.trustwave.com&dr=aia-microsoftonline.com&fp=en-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=4&gen=100&chr=UTF-8&mk=Trustwave%2CTrustwave%20Blog%2CCyber%20Security&colc=1610156582206&jsl=8193&uvs=5ff90a26f25fbc02000&skipb=1&callback=addthis.cbs.jsonp__28185146896761150
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.112 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-112.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
556f0432e7fa10b7e19da18d2dd551be15940208597587e7a6e795c8e73fec02

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Jan 2021 01:43:02 GMT
cache-control
max-age=0, no-cache, no-store, no-transform
content-disposition
attachment; filename=1.txt
content-length
89
content-type
application/javascript;charset=utf-8
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 03AE
0
0

sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 5D0C
0
0
Document
General
Full URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.112 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-112.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
s7.addthis.com
:scheme
https
:path
/static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

server
nginx/1.15.8
content-type
text/html
last-modified
Thu, 04 Jun 2020 15:49:19 GMT
etag
W/"5ed917ff-11adc"
timing-allow-origin
*
cache-control
public, max-age=86313600
p3p
CP="NON ADM OUR DEV IND COM STA"
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
content-length
26421
date
Sat, 09 Jan 2021 01:43:02 GMT
vary
Accept-Encoding
x-host
s7.addthis.com
anchor
www.google.com/recaptcha/api2/ Frame 1D03
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=qc5B-qjP0QEimFYUxcpWJy5B&size=invisible&cb=qgtw22bbed0k
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:815::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-OQtALcM1XhfqnOScO/lWlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LdMtIkUAAAAAP7FCbfNuAv_bvJRl7vsAjPIyOWc&co=aHR0cHM6Ly93d3cudHJ1c3R3YXZlLmNvbTo0NDM.&hl=en&v=qc5B-qjP0QEimFYUxcpWJy5B&size=invisible&cb=qgtw22bbed0k
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Sat, 09 Jan 2021 01:43:02 GMT
content-security-policy
script-src 'report-sample' 'nonce-OQtALcM1XhfqnOScO/lWlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
10045
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
t.js
vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/
4 KB
2 KB
Script
General
Full URL
https://vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54M2ZJN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.94.56 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-94-56.zrh50.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
0e4b8d24a97bf67e39fcebe6b138ff9db6a5a01b38b3f2d2d2ab0ee90f44a729
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
ZRH50-C1
x-cache
RefreshHit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 16 Dec 2020 03:32:49 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript;charset=utf-8
via
1.1 c76347c8ef1f3a2b6fb69cd7d1c6f749.cloudfront.net (CloudFront)
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=2700
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id
yzZ7aYUebQRBsygvIuQNEQq3PXgdkNa_D_WMDWjCd24HRPxCH3gsfQ==
en-us.json
www.trustwave.com/locale/en-us/LC_MESSAGES/
1 KB
637 B
XHR
General
Full URL
https://www.trustwave.com/locale/en-us/LC_MESSAGES/en-us.json
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
21c3d65ef1a0105fb3114d843bd4c68e474e7571db6b0af5ca759fbfec9eca81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
X-Requested-With
XMLHttpRequest
Request-Id
|kEOkt.XLmSI
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:05:40 GMT
x-aspnet-version
x-frame-options
SAMEORIGIN
etag
"0214d29dd8d61:0"
vary
Accept-Encoding
content-type
application/json
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
590
x-xss-protection
1; mode=block
ja-jp.json
www.trustwave.com/locale/ja-jp/LC_MESSAGES/
1 KB
936 B
XHR
General
Full URL
https://www.trustwave.com/locale/ja-jp/LC_MESSAGES/ja-jp.json
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7b0ef13b754c456f5621d74ca260e49b061f759bcaeb9223e0eaa78ff4359189
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
X-Requested-With
XMLHttpRequest
Request-Id
|kEOkt./HiIc
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:05:40 GMT
x-aspnet-version
x-frame-options
SAMEORIGIN
etag
"0214d29dd8d61:0"
vary
Accept-Encoding
content-type
application/json
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
877
x-xss-protection
1; mode=block
de-de.json
www.trustwave.com/locale/de-de/LC_MESSAGES/
1 KB
611 B
XHR
General
Full URL
https://www.trustwave.com/locale/de-de/LC_MESSAGES/de-de.json
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b5e5c5c8b9ebe9fb7f4a8cde7f2ff4f6652e6beb87585c18e99fb446fbb301a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
X-Requested-With
XMLHttpRequest
Request-Id
|kEOkt.mLSBn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Dec 2020 20:05:40 GMT
x-aspnet-version
x-frame-options
SAMEORIGIN
etag
"0214d29dd8d61:0"
vary
Accept-Encoding
content-type
application/json
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
564
x-xss-protection
1; mode=block
/
www.facebook.com/tr/
44 B
408 B
Image
General
Full URL
https://www.facebook.com/tr/?id=657537318161329&ev=PageView&dl=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F&rl=https%3A%2F%2Faia-microsoftonline.com%2F&if=false&ts=1610156582265&sw=1600&sh=1200&v=2.9.32&r=stable&ec=0&o=30&fbp=fb.1.1610156582264.462837933&it=1610156581982&coo=false&rqm=GET
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:02 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Sat, 09 Jan 2021 01:43:02 GMT
box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame CB57
0
0
Document
General
Full URL
https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1372211.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.94.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-94-30.zrh50.r.cloudfront.net
Software
/
Resource Hash

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

content-type
text/html
content-length
851
date
Mon, 23 Nov 2020 17:01:03 GMT
accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
br
etag
"d594f1d4c3e5dbd6b556c60d34e0daea"
last-modified
Mon, 23 Nov 2020 15:41:01 GMT
x-robots-tag
none
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 449f2b51e83bf8ba5fa5e65ce60bc277.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
9mU-4HAaa_Tc_y6ZLXDsjdKD75NJJ96NRx9WrNQqRDMukn9wVQ2MGg==
age
4005718
fpconfig.min.json
www.atmrum.net/conf/v1/atm/
191 B
480 B
XHR
General
Full URL
https://www.atmrum.net/conf/v1/atm/fpconfig.min.json
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
72766f736186eb5c7c6d08502f3bf28da0092e8ea85cf3b5413c9daf8dc2d94a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:01 GMT
x-content-type-options
nosniff
last-modified
Mon, 04 Jan 2021 19:34:40 GMT
x-msedge-ref
Ref A: 550FA6A51FA84BDCB069864D641B79EF Ref B: FRAEDGE1517 Ref C: 2021-01-09T01:43:02Z
etag
0x8D501F7AFB7338D
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-MSEdge-Ref
cache-control
no-store
accept-ranges
bytes
timing-allow-origin
*
content-length
191
visitWebPage
815-rfm-693.mktoresp.com/webevents/
2 B
311 B
XHR
General
Full URL
https://815-rfm-693.mktoresp.com/webevents/visitWebPage?_mchNc=1610156582286&_mchCn=&_mchId=815-RFM-693&_mchTk=_mch-trustwave.com-1610156582285-62118&_mchHo=www.trustwave.com&_mchPo=&_mchRu=%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F&_mchPc=https%3A&_mchVr=154&_mchHa=&_mchRe=https%3A%2F%2Faia-microsoftonline.com%2F&_mchQp=
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 09 Jan 2021 01:43:02 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
93cb4f4c-6d84-4928-bb32-847d3fc07f34
optanon.css
cookie-cdn.cookiepro.com/skins/4.8.0/default_flat_bottom_two_button_black/v2/css/
23 KB
5 KB
Stylesheet
General
Full URL
https://cookie-cdn.cookiepro.com/skins/4.8.0/default_flat_bottom_two_button_black/v2/css/optanon.css
Requested by
Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/consent/d22d5d9f-dee9-4eea-bf38-6b6ef609199b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0bd0bc4edd5e4b256b9c40ce082680ad16a78ac5faf4d3337d39cf9605518bfe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 09 Jan 2021 01:43:02 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
jzLE25vmrDR3ZmMxTSa8+w==
age
359
cf-request-id
078668bd940000178adb00f000000001
x-ms-lease-status
unlocked
last-modified
Thu, 19 Sep 2019 18:59:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
404cf5a9-f01e-0080-434c-b6c74b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
cf-ray
60ea770f5989178a-FRA
EU
geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/
32 B
403 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback=jQuery33108528754657344153_1610156582123&_=1610156582124
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/dist/js/scripts.min.js?v=v34sa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:02 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
60ea770f7be41f25-FRA
content-length
32
cf-request-id
078668bdb300001f2550281000000001
trans.gif
f3459bccecbc1336f3a4cd0d238c29b6.azr.footprintdns.com/apc/
43 B
243 B
Image
General
Full URL
https://f3459bccecbc1336f3a4cd0d238c29b6.azr.footprintdns.com/apc/trans.gif?10a836401ae8fca6015c29df64690d46
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1010:2::121 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 22 Oct 2020 16:16:16 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
43
etag
"33927aab8ea8d61:0"
visit-data
in.hotjar.com/api/v2/client/sites/1372211/
178 B
321 B
XHR
General
Full URL
https://in.hotjar.com/api/v2/client/sites/1372211/visit-data?sv=7
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.57.208 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-57-208.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 09 Jan 2021 01:43:02 GMT
content-encoding
br
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-max-age
86400
content-type
application/json
1372211
vc.hotjar.io/sessions/
0
255 B
XHR
General
Full URL
https://vc.hotjar.io/sessions/1372211?s=0.25&r=0.20120193179661316
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.94.105 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-94-105.zrh50.r.cloudfront.net
Software
Python/3.7 aiohttp/3.5.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:02 GMT
via
1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
server
Python/3.7 aiohttp/3.5.4
x-amz-cf-pop
ZRH50-C1
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-id
G0dEzT_e4SvJ0Nj7D7Bej-3xz2uIRxhBt-_1_zXg89oQPc2NrqY0QA==
s.gif
vidassets.terminus.services/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|9bbc02a3-676a-4709-8f0a-7fc40bda93ff
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=terminus&ttd_tpi=1&ttd_puid=af0d2044-417b-49dd-b4e9-25d4e62e0332|9bbc02a3-676a-4709-8f0a-7fc40bda93ff
  • https://vidassets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|9bbc02a3-676a-4709-8f0a-7fc40bda93ff&t=56e31a12-9c8c-4b6e-bc01-be8f27a7c83a
42 B
683 B
Image
General
Full URL
https://vidassets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|9bbc02a3-676a-4709-8f0a-7fc40bda93ff&t=56e31a12-9c8c-4b6e-bc01-be8f27a7c83a
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.94.56 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-94-56.zrh50.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:09:32 GMT
via
1.1 c76347c8ef1f3a2b6fb69cd7d1c6f749.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
2031
x-cache
Hit from cloudfront
content-length
42
last-modified
Wed, 16 Dec 2020 03:32:49 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=2700
x-amz-cf-pop
ZRH50-C1
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id
xInAHWuS6hwisnbmRb4CpS6cEckqpNmJonM36GYip5yJ4Z2YaR4KKA==

Redirect headers

pragma
no-cache
date
Sat, 09 Jan 2021 01:43:02 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://vidassets.terminus.services/s.gif?d=af0d2044-417b-49dd-b4e9-25d4e62e0332|9bbc02a3-676a-4709-8f0a-7fc40bda93ff&t=56e31a12-9c8c-4b6e-bc01-be8f27a7c83a
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
343
t.gif
vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/
42 B
690 B
Image
General
Full URL
https://vidassets.terminus.services/af0d2044-417b-49dd-b4e9-25d4e62e0332/t.gif?d=9bbc02a3-676a-4709-8f0a-7fc40bda93ff&s=fa4f3dd4-1c02-4a4a-9ba4-19d3dc43845b&p=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F&cb=1610156582535
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.94.56 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-94-56.zrh50.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 09 Jan 2021 01:43:02 GMT
via
1.1 c76347c8ef1f3a2b6fb69cd7d1c6f749.cloudfront.net (CloudFront)
x-content-type-options
nosniff
last-modified
Wed, 16 Dec 2020 03:32:49 GMT
server
nginx/1.10.3 (Ubuntu)
x-amz-cf-pop
ZRH50-C1
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=2700
x-cache
RefreshHit from cloudfront
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
content-length
42
x-amz-cf-id
5YlWzTfD8sUQweK90J_oKOB0MuSmhj5CWt613lMVMSX2QTEyFTYHOw==
IsUserAusi
www.trustwave.com/umbraco/surface/AJAX/
5 B
177 B
XHR
General
Full URL
https://www.trustwave.com/umbraco/surface/AJAX/IsUserAusi
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
X-Requested-With
XMLHttpRequest
Request-Id
|kEOkt.qvEXN
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
cache-control
private
vary
Accept-Encoding
content-length
123
x-xss-protection
1; mode=block
IsUserAPAC
www.trustwave.com/umbraco/surface/AJAX/
5 B
164 B
XHR
General
Full URL
https://www.trustwave.com/umbraco/surface/AJAX/IsUserAPAC
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.96.240 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
60a33e6cf5151f2d52eddae9685cfa270426aa89d8dbc7dfb854606f1d1a40fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
X-Requested-With
XMLHttpRequest
Request-Id
|kEOkt.bl4aN
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
x-aspnet-version
date
Sat, 09 Jan 2021 01:43:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
cache-control
private
vary
Accept-Encoding
content-length
123
x-xss-protection
1; mode=block
/
www.facebook.com/tr/
0
86 B
Other
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryfErOjSrN65mpr9og

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Sat, 09 Jan 2021 01:43:02 GMT
content-type
text/plain
access-control-allow-origin
https://www.trustwave.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
trans.gif
f3459bccecbc1336f3a4cd0d238c29b6.azr.footprintdns.com/apc/
43 B
81 B
Image
General
Full URL
https://f3459bccecbc1336f3a4cd0d238c29b6.azr.footprintdns.com/apc/trans.gif?16e16dc29b67e292caf6d63655fc2eb4
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1010:2::121 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 22 Oct 2020 16:16:16 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
date
Sat, 09 Jan 2021 01:43:02 GMT
accept-ranges
bytes
content-length
43
etag
"33927aab8ea8d61:0"
trans.gif
d8fbb39352d7dd84ce149b3dacc7ae39.azr.footprintdns.com/apc/
43 B
243 B
Image
General
Full URL
https://d8fbb39352d7dd84ce149b3dacc7ae39.azr.footprintdns.com/apc/trans.gif?4a058bdba381caf4e7223c8ebb62836e
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1040:900:2:: Dubai, United Arab Emirates, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 22 Oct 2020 16:16:16 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
date
Sat, 09 Jan 2021 01:43:03 GMT
accept-ranges
bytes
content-length
43
etag
"33927aab8ea8d61:0"
trans.gif
d8fbb39352d7dd84ce149b3dacc7ae39.azr.footprintdns.com/apc/
43 B
81 B
Image
General
Full URL
https://d8fbb39352d7dd84ce149b3dacc7ae39.azr.footprintdns.com/apc/trans.gif?834c85a90416196a818222719fda36bd
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1040:900:2:: Dubai, United Arab Emirates, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 22 Oct 2020 16:16:16 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
date
Sat, 09 Jan 2021 01:43:03 GMT
accept-ranges
bytes
content-length
43
etag
"33927aab8ea8d61:0"
trans.gif
2116316a8d2053e09ff19e664d5cb26a.azr.footprintdns.com/apc/
43 B
243 B
Image
General
Full URL
https://2116316a8d2053e09ff19e664d5cb26a.azr.footprintdns.com/apc/trans.gif?511c10af7a6258d165551ead59df7a69
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1020:d01:2:: Berlin, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 22 Oct 2020 16:16:16 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
date
Sat, 09 Jan 2021 01:43:03 GMT
accept-ranges
bytes
content-length
43
etag
"33927aab8ea8d61:0"
trans.gif
2116316a8d2053e09ff19e664d5cb26a.azr.footprintdns.com/apc/
43 B
81 B
Image
General
Full URL
https://2116316a8d2053e09ff19e664d5cb26a.azr.footprintdns.com/apc/trans.gif?5042c33162f3c243f59c0b3c6888f636
Requested by
Host: www.trustwave.com
URL: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1020:d01:2:: Berlin, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 22 Oct 2020 16:16:16 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
image/gif
date
Sat, 09 Jan 2021 01:43:03 GMT
accept-ranges
bytes
content-length
43
etag
"33927aab8ea8d61:0"
r.gif
www.atmrum.net/report/v1/atm/
42 B
194 B
XHR
General
Full URL
https://www.atmrum.net/report/v1/atm/r.gif?MonitorID=atm&rid=9a44451913c7140fe0444aeafe708318&w3c=true&prot=https:&v=2017061301&tag=602cc9bb0a513db2b327299487211347&DATA=[{%22RequestID%22:%22f3459bccecbc1336f3a4cd0d238c29b6%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:782},{%22RequestID%22:%22f3459bccecbc1336f3a4cd0d238c29b6%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:248},{%22RequestID%22:%22d8fbb39352d7dd84ce149b3dacc7ae39%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:393},{%22RequestID%22:%22d8fbb39352d7dd84ce149b3dacc7ae39%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:123},{%22RequestID%22:%222116316a8d2053e09ff19e664d5cb26a%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:85},{%22RequestID%22:%222116316a8d2053e09ff19e664d5cb26a%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:15}]
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.234 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin
https://www.trustwave.com
date
Sat, 09 Jan 2021 01:43:03 GMT
cache-control
no-store
x-msedge-ref
Ref A: 3D13B5AF65C041E7AAD77CD90D98C098 Ref B: FRAEDGE1517 Ref C: 2021-01-09T01:43:03Z
content-type
image/gif
track
dc.services.visualstudio.com/v2/ Frame
0
0
Other
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Server
51.107.59.180 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,sdk-context
Origin
https://www.trustwave.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-methods
POST
access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
access-control-allow-origin
*
access-control-max-age
3600
x-content-type-options
nosniff
date
Sat, 09 Jan 2021 01:43:03 GMT
content-length
0
track
dc.services.visualstudio.com/v2/
98 B
215 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.107.59.180 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4c2f5a758fbc60954159a082379a36973449f38d8641309540cbbaf810d1df4a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic/
Sdk-Context
appId
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/json

Response headers

x-ms-session-id
777C708A-8EF5-46E2-85FF-D5519A72A80C
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Sat, 09 Jan 2021 01:43:03 GMT
access-control-max-age
3600
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
content-length
98

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s7.addthis.com
URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

175 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| dataLayer object| appInsights object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client number| SThreshold number| globalmktoid boolean| globalpartnerform boolean| globalfooterform object| Vimeo boolean| VimeoPlayerResizeEmbeds_ object| AI object| Microsoft function| __extends function| _endsWith object| google_tag_manager function| postscribe object| recaptcha string| GoogleAnalyticsObject function| ga string| _linkedin_data_partner_id function| hj object| _hjSettings function| twq object| google_tag_data function| fbq function| _fbq object| gaplugins object| gaGlobal object| gaData function| lintrk boolean| _already_called_lintrk object| twttr function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| google_optimize object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| FormAbandonmentTracker string| ajaxReq function| autoSuggest string| navAjaxReq function| navAutoSuggest object| loadmorexrh function| objectifyForm function| trim function| rgb2hex function| rgbaToHex function| UpdateResults function| ShowHideLoadMore function| LoadingOn function| LoadingOff function| LoadMore function| GetCurrentLang function| MediaReleases function| closeResetMobile function| closeResetDesktop string| currentCheckSize function| checkSize function| FixScrollOnLoad function| doMenu function| MainMenu function| CardListCheckForZero function| OutputFooterGlobalForm function| FixButtonColorsinSections function| AddAusiLogo function| AddAPACLogo function| AddTaglineToLogo function| LoadDefaultMKTOForms function| FixConsoleErrors function| FixFooterSectionColorAngle function| ScrollToScript 
function| SpecialEventMenu function| PressReleases function| ToggleFilterOptions function| ResourceLibrary function| SearchResults function| SLBlog function| CardHeroSliders function| CardLists function| CardListOurHistory function| SWUpdates function| TWBlog function| getParameterByName function| jsonToUrl function| SetupImgClickToVideo object| videoLabels object| lastP object| _playerTitle object| _playerAuthor object| _playerAuthorURL object| _playerUploadDate function| Vimeoinit function| updateUrl function| onMessageReceived function| post function| getLabel function| getVimeoInfo function| vimeoCallback function| onReady function| onPlay function| onPause function| onPlayProgress object| Modernizr function| $ function| jQuery function| Cookies function| pluralRuleParser function| TWFilters object| MktoForms2 function| TWLang object| mktoprefilldata function| TWMkto function| TWStepsForm function| supportInfo object| rum function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| OneTrust string| containerName string| languageSwitcherFileName string| useDocumentLanguage string| languageSwitcherFilePathPart string| languageSwitcherURL function| getLanguageSwitcherScriptPath function| isLanguageSwitcherFile function| OptanonWrapper object| addthis_share object| addthis_config object| closure_lm_41120 object| Munchkin object| MunchkinTracker function| mktoMunchkin function| mktoMunchkinFunction object| Footprint undefined| a undefined| c function| jsonFeed object| Optanon string| OnetrustActiveGroups string| OptanonActiveGroups boolean| __@@##MUH object| fpconfig object| oattr function| filterHandler

25 Cookies

Domain/Path Name / Value
.addthis.com/ Name: loc
Value: MDAwMDBFVURFQkUyMzI1MTkzNDAwNjAwMDBDSA==
.addthis.com/ Name: uvc
Value: 1%7C1
.trustwave.com/ Name: OptanonConsent
Value: landingPath=https%3A%2F%2Fwww.trustwave.com%2Fen-us%2Fresources%2Fblogs%2Ftrustwave-blog%2Fwhat-to-do-when-you-re-getting-phished-but-have-no-idea-because-it-looks-totally-authentic%2F&datestamp=Sat+Jan+09+2021+02%3A43%3A03+GMT%2B0100+(Central+European+Standard+Time)&version=4.8.0&EU=true&groups=1%3A1%2C2%3A0%2C3%3A0%2C0_32924%3A1%2C4%3A0%2C0_32898%3A0%2C0_32899%3A0%2C0_32900%3A0%2C0_32901%3A0%2C0_32902%3A0%2C0_32903%3A0%2C0_32904%3A0%2C0_32905%3A0%2C0_32893%3A0%2C0_32894%3A0%2C0_32895%3A0%2C0_32896%3A0%2C0_32897%3A0
www.trustwave.com/ Name: ASP.NET_SessionId
Value: cjqy0yr2god2cqeobuveosyy
www.trustwave.com/ Name: s-9da4
Value: fa4f3dd4-1c02-4a4a-9ba4-19d3dc43845b
www.trustwave.com/ Name: d-a8e6
Value: 9bbc02a3-676a-4709-8f0a-7fc40bda93ff
www.trustwave.com/ Name: _hjIncludedInPageviewSample
Value: 1
.trustwave.com/ Name: _hjFirstSeen
Value: 1
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.trustwave.com/ Name: _hjid
Value: df22d8f0-ccd9-46c1-be23-f0ed32628466
.trustwave.com/ Name: _hjAbsoluteSessionInProgress
Value: 1
.trustwave.com/ Name: _hjTLDTest
Value: 1
.trustwave.com/ Name: _mkto_trk
Value: id:815-RFM-693&token:_mch-trustwave.com-1610156582285-62118
.trustwave.com/ Name: _fbp
Value: fb.1.1610156582264.462837933
www.trustwave.com/ Name: _hjIncludedInSessionSample
Value: 1
.www.trustwave.com/ Name: ApplicationGatewayAffinityCORS
Value: bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890
.trustwave.com/ Name: _gcl_au
Value: 1.1.683582521.1610156582
www.trustwave.com/ Name: __atuvc
Value: 1%7C1
www.trustwave.com/ Name: ai_user
Value: nHq7c|2021-01-09T01:43:01.892Z
.trustwave.com/ Name: _ga
Value: GA1.2.1553935241.1610156582
www.trustwave.com/ Name: __atuvs
Value: 5ff90a26f25fbc02000
www.trustwave.com/ Name: ai_session
Value: lku78|1610156582024.51|1610156582024.51
.trustwave.com/ Name: _gat_UA-123880220-1
Value: 1
.trustwave.com/ Name: _gid
Value: GA1.2.202418125.1610156582
.www.trustwave.com/ Name: ApplicationGatewayAffinity
Value: bcc70b3e9d2a132e2376fddfd28702ba57725b0d585f7a92e016c74563f04890

1 Console Messages

Source Level URL
Text
console-api warning URL: https://connect.facebook.net/en_US/fbevents.js(Line 23)
Message:
[Facebook Pixel] - Unable to parse JSON-LD tag. Malformed JSON found: ' { "@context": "http://schema.org", "@type": "WebSite", "url": "https://www.trustwave.com/", "potentialAction": { "@type": "SearchAction", "target": "https://www.trustwave.com/en-us/search/?q={search_term_string}", "query-input": "required name=search_term_string" } } { "@context": "http://schema.org", "@type": "Organization", "url": "https://www.trustwave.com/", "logo": "https://www.trustwave.com/img/logo/TW-logo-color.png" } '.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
