www.menlosecurity.com Open in urlscan Pro
65.0.79.182 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Submission: On November 01 via manual (November 1st 2024, 3:10:04 am UTC) from SG — Scanned from SG

Summary HTTP 127 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 44 IPs in 6 countries across 29 domains to perform 127 HTTP transactions. The main IP is 65.0.79.182, located in Mumbai, India and belongs to AMAZON-02, US. The main domain is www.menlosecurity.com.
TLS certificate: Issued by R10 on October 11th 2024. Valid for: 3 months.

This is the only time www.menlosecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	65.0.79.182 65.0.79.182	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:a175	13335 (CLOUDFLAR...) (CLOUDFLARENET)
24	104.18.160.117 104.18.160.117	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	104.17.71.206 104.17.71.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.35.212.110 13.35.212.110	16509 (AMAZON-02) (AMAZON-02)
5	2404:6800:400... 2404:6800:4003:c01::61	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223b:fc00:13:a3bc:6800:93a1	16509 (AMAZON-02) (AMAZON-02)
12	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	74.125.24.99 74.125.24.99	15169 (GOOGLE) (GOOGLE)
11	23.44.4.160 23.44.4.160	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.20.157 151.101.20.157	54113 (FASTLY) (FASTLY)
1	108.156.133.37 108.156.133.37	16509 (AMAZON-02) (AMAZON-02)
1	2403:e800:e80... 2403:e800:e80b::2a63:8c8b	4637 (ASN-TELST...) (ASN-TELSTRA-GLOBAL Telstra Global)
2	57.144.144.128 57.144.144.128	32934 (FACEBOOK) (FACEBOOK)
2	23.15.110.65 23.15.110.65	16625 (AKAMAI-AS) (AKAMAI-AS)
6	35.83.31.139 35.83.31.139	16509 (AMAZON-02) (AMAZON-02)
1	13.33.30.93 13.33.30.93	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:21f... 2600:9000:21f8:b000:9:14eb:6280:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:1247	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	74.125.24.154 74.125.24.154	15169 (GOOGLE) (GOOGLE)
2	2404:6800:400... 2404:6800:4003:c01::9b	15169 (GOOGLE) (GOOGLE)
4	2404:6800:400... 2404:6800:4003:c1c::71	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4003:c02::9a	15169 (GOOGLE) (GOOGLE)
1	172.217.194.157 172.217.194.157	15169 (GOOGLE) (GOOGLE)
2	2404:6800:400... 2404:6800:4003:c1a::5e	15169 (GOOGLE) (GOOGLE)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	192.28.147.68 192.28.147.68	15224 (OMNITURE) (OMNITURE)
1	108.157.254.81 108.157.254.81	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f34... 2a03:2880:f348:1:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	172.66.0.227 172.66.0.227	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
4	108.156.133.27 108.156.133.27	16509 (AMAZON-02) (AMAZON-02)
1	151.101.2.109 151.101.2.109	54113 (FASTLY) (FASTLY)
1	2404:6800:400... 2404:6800:4003:c05::5f	15169 (GOOGLE) (GOOGLE)
2	35.245.208.72 35.245.208.72	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	103.43.90.54 103.43.90.54	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:1413:a00... 2600:1413:a000::1734:2843	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	13.33.30.84 13.33.30.84	16509 (AMAZON-02) (AMAZON-02)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	75.2.108.141 75.2.108.141	16509 (AMAZON-02) (AMAZON-02)
2	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
127	44

1 65.0.79.182 (Mumbai, India)

ASN16509 (AMAZON-02, US)
PTR: ec2-65-0-79-182.ap-south-1.compute.amazonaws.com

www.menlosecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:a175 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.prod.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 104.18.160.117 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.prod.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.71.206 (None, )

ASN13335 (CLOUDFLARENET, US)

info.menlosecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.212.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-212-110.sin2.r.cloudfront.net

d3e54v103j8qbb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2404:6800:4003:c01::61 (Singapore, Singapore)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223b:fc00:13:a3bc:6800:93a1 (United States)

ASN16509 (AMAZON-02, US)

hubfront.hushly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.24.99 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f99.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.44.4.160 (Singapore, Singapore)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-44-4-160.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.20.157 (San Francisco, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.156.133.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-133-37.sin2.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2403:e800:e80b::2a63:8c8b (Hong Kong)

ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 57.144.144.128 (Ireland)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-sin11.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.15.110.65 (Singapore, Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a23-15-110-65.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.83.31.139 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-83-31-139.us-west-2.compute.amazonaws.com

app.hushly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.30.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-30-93.sin2.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f8:b000:9:14eb:6280:93a1 (United States)

ASN16509 (AMAZON-02, US)

d2i34c80a0ftze.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1247 (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.24.154 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f154.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4003:c01::9b (Singapore, Singapore)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2404:6800:4003:c1c::71 (Singapore, Singapore)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c02::9a (Singapore, Singapore)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.194.157 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f157.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4003:c1a::5e (Singapore, Singapore)

ASN15169 (GOOGLE, US)

www.google.com.sg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN15224 (OMNITURE, US)

281-owv-899.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.254.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-254-81.sin2.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f348:1:face:b00c:0:25de (United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.66.0.227 (United States)

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 108.156.133.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-133-27.sin2.r.cloudfront.net

st.fullcircleinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.109 (San Francisco, United States)

ASN54113 (FASTLY, US)

extend.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c05::5f (Singapore, Singapore)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.245.208.72 (Washington, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 72.208.245.35.bc.googleusercontent.com

r1.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.43.90.54 (Singapore, Singapore)

ASN29990 (ASN-APPNEX, US)
PTR: 598.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1413:a000::1734:2843 (Singapore, Singapore)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.33.30.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-30-84.sin2.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 75.2.108.141 (United States)

ASN16509 (AMAZON-02, US)
PTR: afe865822f884bb48.awsglobalaccelerator.com

eps.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	website-files.com cdn.prod.website-files.com — Cisco Umbrella Rank: 6168	2 MB
14	6sc.co j.6sc.co — Cisco Umbrella Rank: 5626 c.6sc.co — Cisco Umbrella Rank: 6951 ipv6.6sc.co — Cisco Umbrella Rank: 5794 b.6sc.co — Cisco Umbrella Rank: 3611 eps.6sc.co — Cisco Umbrella Rank: 11869	24 KB
14	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 2896 r1.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 55253	216 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 321 www.linkedin.com — Cisco Umbrella Rank: 646 px4.ads.linkedin.com — Cisco Umbrella Rank: 6828	4 KB
7	hushly.com hubfront.hushly.com — Cisco Umbrella Rank: 69804 app.hushly.com — Cisco Umbrella Rank: 84054	392 KB
7	menlosecurity.com www.menlosecurity.com info.menlosecurity.com	96 KB
6	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 42 td.doubleclick.net — Cisco Umbrella Rank: 192 stats.g.doubleclick.net — Cisco Umbrella Rank: 136	3 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	438 KB
4	fullcircleinsights.com st.fullcircleinsights.com — Cisco Umbrella Rank: 111989	4 KB
4	google.com www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 147	64 B
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 5671	4 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 25487 ibc-flow.techtarget.com — Cisco Umbrella Rank: 23670	2 KB
3	driftt.com js.driftt.com — Cisco Umbrella Rank: 6590	62 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4482	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34	21 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	3 KB
2	google.com.sg www.google.com.sg — Cisco Umbrella Rank: 13716	562 B
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3657	7 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	76 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 877 script.hotjar.com — Cisco Umbrella Rank: 1177	61 KB
2	cloudfront.net d3e54v103j8qbb.cloudfront.net d2i34c80a0ftze.cloudfront.net	41 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 479	705 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	1022 B
1	vimeocdn.com extend.vimeocdn.com — Cisco Umbrella Rank: 11454	6 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 962	393 B
1	t.co t.co — Cisco Umbrella Rank: 859	628 B
1	mktoresp.com 281-owv-899.mktoresp.com	318 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 784	14 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 960	16 KB
127	29

	Domain	Requested by
25	cdn.prod.website-files.com	www.menlosecurity.com cdn.prod.website-files.com
12	dev.visualwebsiteoptimizer.com	www.menlosecurity.com dev.visualwebsiteoptimizer.com
8	b.6sc.co
6	app.hushly.com	www.menlosecurity.com app.hushly.com
6	info.menlosecurity.com	www.menlosecurity.com info.menlosecurity.com
5	px.ads.linkedin.com	3 redirects snap.licdn.com
5	www.googletagmanager.com	www.menlosecurity.com www.googletagmanager.com
4	st.fullcircleinsights.com	d2i34c80a0ftze.cloudfront.net
3	js.zi-scripts.com	www.menlosecurity.com js.zi-scripts.com
3	td.doubleclick.net	www.googletagmanager.com
3	js.driftt.com	www.menlosecurity.com js.driftt.com
2	ws.zoominfo.com	js.zi-scripts.com
2	eps.6sc.co	j.6sc.co
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	r1.visualwebsiteoptimizer.com	dev.visualwebsiteoptimizer.com
2	www.facebook.com	www.menlosecurity.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	www.google.com.sg	www.menlosecurity.com
2	analytics.google.com	www.googletagmanager.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	munchkin.marketo.net	www.menlosecurity.com munchkin.marketo.net
2	connect.facebook.net	www.menlosecurity.com connect.facebook.net
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	www.google.com	www.googletagmanager.com www.menlosecurity.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	fonts.googleapis.com	info.menlosecurity.com
1	extend.vimeocdn.com	www.googletagmanager.com
1	analytics.twitter.com	www.menlosecurity.com
1	t.co	www.menlosecurity.com
1	script.hotjar.com	static.hotjar.com
1	281-owv-899.mktoresp.com	munchkin.marketo.net
1	px4.ads.linkedin.com	www.menlosecurity.com
1	www.linkedin.com	1 redirects
1	stats.g.doubleclick.net	www.googletagmanager.com
1	trk.techtarget.com	www.menlosecurity.com
1	d2i34c80a0ftze.cloudfront.net	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	hubfront.hushly.com	www.menlosecurity.com
1	d3e54v103j8qbb.cloudfront.net	www.menlosecurity.com
1	www.menlosecurity.com
127	44

This site contains links to these domains. Also see Links.

Domain
try.menlosecurity.com
jobs.ashbyhq.com
lots-project.com
resources.menlosecurity.com
www.linkedin.com
twitter.com
www.facebook.com
www.youtube.com
csportal.menlosecurity.com

Subject Issuer	Validity	Valid
www.menlosecurity.com R10	`2024-10-11` - `2025-01-09`	3 months	crt.sh
prod.website-files.com WE1	`2024-10-21` - `2025-01-19`	3 months	crt.sh
info.menlosecurity.com Cloudflare Inc ECC CA-3	`2024-02-29` - `2024-12-31`	10 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.hushly.com Amazon RSA 2048 M02	`2024-09-16` - `2025-10-13`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2024-06-29` - `2025-07-31`	a year	crt.sh
*.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-08-10` - `2024-11-08`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
drift.com Amazon RSA 2048 M03	`2024-07-30` - `2025-08-27`	a year	crt.sh
trk.techtarget.com WE1	`2024-09-20` - `2024-12-19`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.google.com.sg WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
ibc-flow.techtarget.com WR3	`2024-10-24` - `2025-01-22`	3 months	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-15` - `2025-09-15`	a year	crt.sh
t.co E5	`2024-09-28` - `2024-12-27`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-02` - `2025-10-01`	a year	crt.sh
aws-st.fullcircleinsights.com Amazon RSA 2048 M02	`2024-05-28` - `2025-06-25`	a year	crt.sh
*.vimeocdn.com GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-09-24` - `2025-10-26`	a year	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
zi-scripts.com WE1	`2024-09-22` - `2024-12-21`	3 months	crt.sh
eps.6sc.co Amazon RSA 2048 M03	`2024-08-30` - `2025-09-29`	a year	crt.sh
zoominfo.com E5	`2024-10-12` - `2025-01-10`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Frame ID: BD24B65244BC36823C0BFD59001996D2
Requests: 111 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.menlosecurity.com
Frame ID: 07DD836D67BA27D6458282FEE38E528E
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/10976805707?random=1730430595831&cv=11&fst=1730430595831&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v899189876z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 5D04404375FD46D87F585187E78A46E3
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/684820168?random=1730430595903&cv=11&fst=1730430595903&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v9172607130z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&rdp=1&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 72511526DB7FBB5A78CD645E13339B82
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-C2G0PCSJKE&gacid=1219144783.1730430596&gtm=45je4au0v868642232z8830118234za200zb830118234&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1193359782
Frame ID: 20CE8C4BD5C0AE58857B10D62F52087B
Requests: 1 HTTP requests in this frame

Frame: https://info.menlosecurity.com/index.php/form/XDFrame
Frame ID: D1AE7CA0F417B223A227F6DF10595B69
Requests: 2 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=trrsm2wf4gwm&eId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=2d4ea392-bc5d-4fd9-8afb-19749a071cc3&sessionStarted=1730430598.575&campaignRefreshToken=defcd868-7aa1-435d-9f0e-8f882aa117ba&hideController=false&pageLoadStartTime=1730430595520&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Frame ID: D7F95DD1241AC46CA0B5F9A493C91349
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1730430595520
Frame ID: 83BA61AEB896AC82C3538722F438A634
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Google Drawings and WhatsApp Zero-hour Open Redirection Phish exposed - Blog | Menlo Security

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

127
Requests

95 %
HTTPS

33 %
IPv6

29
Domains

44
Subdomains

44
IPs

6
Countries

3909 kB
Transfer

9628 kB
Size

46
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://try.menlosecurity.com/
Title: Try Menlo Now

Search URL Search Domain Scan URL

URL: https://jobs.ashbyhq.com/menlosecurity
Title: Job openings

Search URL Search Domain Scan URL

URL: https://lots-project.com/
Title: Living Off Trusted Sites

Search URL Search Domain Scan URL

URL: https://resources.menlosecurity.com/all-content/state-of-browser-security-defending-browsers-against-zero-hour-phishing-attacks
Title: Today, evasive threats make up 30% of total browser-based phishing attacks.

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&title=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20|%20Menlo%20Security

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/menlo-security/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Menlo-Security-411677528985544/

Search URL Search Domain Scan URL

URL: https://twitter.com/menlosecurity?lang=en

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCN0AikN5dKnhEhmtQddAYqg

Search URL Search Domain Scan URL

URL: https://resources.menlosecurity.com/
Title: Resources

Search URL Search Domain Scan URL

URL: https://csportal.menlosecurity.com/hc/en-us
Title: Support Portal

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D474058%26time%3D1730430596150%26li_adsId%3Ddf8b3ca6-3ddb-4236-b760-bee21d6b4ac5%26url%3Dhttps%253A%252F%252Fwww.menlosecurity.com%252Fblog%252Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true&liSync=true&e_ipv6=AQKlrGP3uxtt3AAAAZLls3fqGp13YJ7l-e0vChLslSpKNi8L6Eq-nqnOGtL88eBf5xdVEUY2kp67

127 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed Show response
www.menlosecurity.com/blog/ 83 KB
21 KB 478ms
144ms Document
text/html 65.0.79.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

65.0.79.182 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-65-0-79-182.ap-south-1.compute.amazonaws.com

Software

Resource Hash

47566672ca066e450f97e2cde56cf0ca496b2c001f0d8b62673f60c2686cc748

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
cf-ray: 8db8b054ea353194-BOM
content-encoding: gzip
content-security-policy: frame-ancestors 'self'
content-type: text/html
date: Fri, 01 Nov 2024 03:09:55 GMT
last-modified: Thu, 31 Oct 2024 22:10:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
surrogate-control: max-age=432000
surrogate-key: www.menlosecurity.com 6536e5317bf92f62050c3585 pageId:65cfa4568060d2df213d5425 65cfa4568060d2df213d52e1 65cfa4568060d2df213d5302 65cfa4568060d2df213d5326 65cfa4568060d2df213d5368 65cfa4568060d2df213d52e1
vary: Accept-Encoding
x-cluster-name: ap-south-1-prod-hosting-red
x-content-type-options: nosniff
x-frame-options: DENY
x-lambda-id: 6d736d87-88e8-4f06-ac39-0e7ef2fc93c5

GET
H2 200 menlo-dev.9af56778f.min.css
cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/ 410 KB
66 KB 57ms
28ms Stylesheet
text/css 2606:4700::6812:a175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a175 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50a5a86a3812bfd69af1231c3a870e4035e6c6dcf9687d46babda3a0f090db80

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "886d5d4b2d24b16c9803f1ad0f98147c"
x-amz-version-id: _yw9QOMopOJXKe2P5hVDaeNuMxe8IzVu
age: 505
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: text/css
last-modified: Tue, 29 Oct 2024 17:35:37 GMT
vary: Accept-Encoding
x-amz-id-2: iNFUBL00ioLO1OSdeEKF7f1cYHDFIgL4tSMAZ/YHt6H1gfDT7sxX7kKtAgns5U4JvLWB0Hb50Gs=
cache-control: public, max-age=31536000, immutable
x-amz-request-id: CWKFAVYYJJCQ5S9Z
cf-ray: 8db8b055cfeca12c-SIN
accept-ranges: bytes
access-control-allow-origin: *
content-length: 67242
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 65b30af079f2a57286546248_icon-rounded-close-icon.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 311 B
788 B 118ms
118ms Image
image/svg+xml 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/65b30af079f2a57286546248_icon-rounded-close-icon.svg
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9da14942229f055eb8acb3012a6e1fadcff12d6db2a9736e685a1113539468ba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"05edd6e8fc673e0b58d2a5408c1359ac"
x-amz-version-id: zbIvUCgae1xaV2oBYvtk4AbFl.T7lTFF
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/svg+xml
last-modified: Fri, 26 Jan 2024 01:29:21 GMT
vary: Accept-Encoding
x-amz-id-2: rQ8cXT2TLpqRszw4n9FdY+KnJshzXtpHppD8UMBL7zcYZ7nCam+ZEfbU4gcBOO9ZQUA0+6YnxCs=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: CWKBK4RR9ZWSDXPR
cf-ray: 8db8b0561dd81066-HKG
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 forms2.min.js Show response
info.menlosecurity.com/js/forms2/js/ 199 KB
67 KB 1396ms
60ms Script
application/x-javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.menlosecurity.com/js/forms2/js/forms2.min.js

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f144e3bc13095ce7d1b638b1b2cc50b52cd12312cba1323706f6e71e8ded1e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "1e01657-31b91-625a9d5f9a052"
age: 5433
x-content-type-options: nosniff
cf-ray: 8db8b05e7a278527-HKG
expires: Fri, 01 Nov 2024 07:09:56 GMT
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: application/x-javascript
last-modified: Wed, 30 Oct 2024 04:07:09 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 jquery-3.5.1.min.dc5e7f18c8.js Show response
d3e54v103j8qbb.cloudfront.net/js/ 87 KB
30 KB 32ms
5ms Script
application/javascript 13.35.212.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6536e5317bf92f62050c3585
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.212.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-212-110.sin2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.menlosecurity.com
Referer: https://www.menlosecurity.com/

Response headers

access-control-max-age: 3000
content-encoding: br
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
age: 32476
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: zcygM89wZuY0JT64pF1SMK5rTlY5q_ztRHCWK_xJeujjW8J0hRFUwQ==
date: Thu, 31 Oct 2024 18:08:39 GMT
content-type: application/javascript
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
vary: Accept-Encoding
cache-control: max-age=84600, must-revalidate
via: 1.1 b2c5094272cffc150b97bc982427694c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P7
server: AmazonS3

GET
H3 200 menlo-dev.fdbffa8fa.js Show response
cdn.prod.website-files.com/6536e5317bf92f62050c3585/js/ 2 MB
263 KB 121ms
119ms Script
text/javascript 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/js/menlo-dev.fdbffa8fa.js
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bcc65474edef8c21cf7cdb2cb4855f1726a3b6f341427d1ba60b4c3c174ce54

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "a8ae822e8f15ce7defaaef0468eaaa48"
x-amz-version-id: wynqtkU_QM7yI0nVELithDKeMIWRb7Qn
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: text/javascript
last-modified: Tue, 29 Oct 2024 17:35:37 GMT
vary: Accept-Encoding
x-amz-id-2: cHb5l79pUCAfF8yz728Ms36j11/bv6q537OG2uOquU9rDe2gl+OpwvHCtoJ3QQzNJgafAI5tPaA=
cache-control: public, max-age=31536000, immutable
x-amz-request-id: CWK2P1D34ZWQCTN5
cf-ray: 8db8b0565e0d1066-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 268769
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 358 KB
118 KB 49ms
34ms Script
application/javascript 2404:6800:4003:c01::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c01::61 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0b3ca8dc0102f3d1664c1d8fa1276218e9f1b13bd8f80eeeec87015f988f2527

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Fri, 01 Nov 2024 03:09:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 120151
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 embed.js Show response
hubfront.hushly.com/ 216 KB
63 KB 684ms
651ms Script
application/javascript 2600:9000:223b:fc00:13:a3bc:6800:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hubfront.hushly.com/embed.js
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223b:fc00:13:a3bc:6800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e356e6d4254b6a2c1fbee2fb6e66f1c7ab6de329c8f81b8f6bef7d897b3d56fa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: gzip
etag: W/"66fe3f6e-35e69"
via: 1.1 12092b1d863b1b4b20da0d09effe7b36.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-id: _BiCtY-n-S9MEiWF1WJR-FfqWaN9jwU_VZAlXwu5__uelWEx4FUo4w==
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/javascript
last-modified: Thu, 03 Oct 2024 06:53:34 GMT
server: nginx
x-amz-cf-pop: SIN2-P2

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 37 KB
10 KB 51ms
27ms XHR
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=910208&u=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&vn=2.1&x=true
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gsng1 /
Resource Hash: 94f0f415642dee975be155c61e8686c471159542c2c79d588fb13d83e6eb3be7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.menlosecurity.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 03:09:54 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: gsng1

GET
H3 200 65d0f2dae177d376b0c2edf8_White_Search_Icon.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 931 B
1 KB 99ms
99ms Image
image/svg+xml 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/65d0f2dae177d376b0c2edf8_White_Search_Icon.svg
Requested by: Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0316b910e0a7b4b953bfe8cf73598737ecaf0950899b00bf3bbbbff1b1038d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"366f7ad07f086ba27b215e5a4a6339c4"
x-amz-version-id: QJZPo1tWQCMoT6Cd4jwSQEVJ8Jt9H79J
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/svg+xml
last-modified: Sat, 17 Feb 2024 17:54:35 GMT
vary: Accept-Encoding
x-amz-id-2: gzmdYm8A9b/diksMic9SIPaV1Mk3k2rQkWpiE+5JUJBY9pG5ap/6/ri1Wv833tIwjDkhBDNbMy0=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: CWK6046AEVRJB3MN
cf-ray: 8db8b0565e181066-HKG
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 6536ffc62cf41f78f153fcb5_Roboto-Bold.ttf
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 163 KB
164 KB 127ms
121ms Font
application/x-font-ttf 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6536ffc62cf41f78f153fcb5_Roboto-Bold.ttf
Requested by: Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec685a46105296fe46c8744da4a11cf8118ba6c11271941766f7a546df6aa7c7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.menlosecurity.com
Referer: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css

Response headers

access-control-max-age: 3000
cf-cache-status: HIT
etag: "b8e42971dec8d49207a8c8e2b919a6ac"
x-amz-version-id: DEN3jsgRev_OY_LYX5MYpkpFwV.0RnKX
access-control-allow-methods: GET, HEAD
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/x-font-ttf
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 23 Oct 2023 23:20:40 GMT
x-amz-id-2: eZj1WW9IZmwmv8sH2nFxoRhWyuZucT6THZsGF3V4CZUY4Hbd7UvWx6d7dOP7LWaHeAwNRRvBjYY=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5PH0Q1AB5DCJST
cf-ray: 8db8b056acaa5dd9-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 167336
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 6536ffc6ee31b63c515fef73_Roboto-Black.ttf
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 164 KB
165 KB 324ms
319ms Font
application/x-font-ttf 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6536ffc6ee31b63c515fef73_Roboto-Black.ttf
Requested by: Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ace0d0833ab83ff18ea94e4a7745f919c458ae4eabc298218226df4275ccd4d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.menlosecurity.com
Referer: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css

Response headers

access-control-max-age: 3000
cf-cache-status: HIT
etag: "d6a6f8878adb0d8e69f9fa2e0b622924"
x-amz-version-id: LC7K49D5wH6tDKXFHytipUF6mcbcdjJd
access-control-allow-methods: GET, HEAD
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/x-font-ttf
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 23 Oct 2023 23:20:39 GMT
x-amz-id-2: Y77o4lhKQhJ22Hxp8ovOVfxHW9g4IpcxIxhsCbVYJi+Uy5NBMJmR/t7iumEmrujwRlMd0sKY/3E=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5WCQRSYJ8XEWV2
cf-ray: 8db8b056acab5dd9-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 168060
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 6536fedde312752da0449705_Raleway-VariableFont_wght.ttf
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 302 KB
303 KB 90ms
85ms Font
application/x-font-ttf 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6536fedde312752da0449705_Raleway-VariableFont_wght.ttf
Requested by: Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e7948221210e0bff86b70de2a2e893e24e0d9c5a16a5db0aa47834b88bf1998

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.menlosecurity.com
Referer: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css

Response headers

access-control-max-age: 3000
cf-cache-status: HIT
etag: "3ec1aa8901bbee53c49cc8b4e011a0e1"
x-amz-version-id: W6TaNt0ziNCYiA6KR0lQ_yg4yL4jsmS5
age: 566
access-control-allow-methods: GET, HEAD
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/x-font-ttf
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 23 Oct 2023 23:19:05 GMT
x-amz-id-2: +WlTCqvRGEJe1eQsl7aQtxzySGGSV97Da3T7z8eMduSqVJAfzHjlIWrbg0yNT7v94P+T70b18nM=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5VGRZW12JH57TY
cf-ray: 8db8b056acac5dd9-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 309720
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 6536ffc6d42c74fdfbff0fc4_Roboto-Regular.ttf
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 164 KB
165 KB 488ms
483ms Font
application/x-font-ttf 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6536ffc6d42c74fdfbff0fc4_Roboto-Regular.ttf
Requested by: Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.menlosecurity.com
Referer: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css

Response headers

access-control-max-age: 3000
cf-cache-status: HIT
etag: "8a36205bd9b83e03af0591a004bc97f4"
x-amz-version-id: 05LPmbO2M9nNQswHGx2VlZpg6J3t6zB8
access-control-allow-methods: GET, HEAD
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/x-font-ttf
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Fri, 01 Dec 2023 10:22:22 GMT
x-amz-id-2: ZFjTNIhuyuv3Ybj/FdLtVeU+/PL5vcnAn4Z30lTyLhvq2MSPa/TWBcVsHk3z0C6hWCNWnrNJYF4r8HZqa+YigLq8Zt9xlGYcWtctiSQQUTc=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5WREYHK63CSBJT
cf-ray: 8db8b056acae5dd9-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 168260
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 6536ffc61a22f00ee539de31_Roboto-Italic.ttf
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 167 KB
167 KB 65ms
60ms Font
application/x-font-ttf 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6536ffc61a22f00ee539de31_Roboto-Italic.ttf
Requested by: Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99e4a85061136e99e052929ed0d85e36384fba5c34b773139a8f64339c609943

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.menlosecurity.com
Referer: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css

Response headers

access-control-max-age: 3000
cf-cache-status: HIT
etag: "cebd892d1acfcc455f5e52d4104f2719"
x-amz-version-id: K.6cn7P.TKQlJpc2rwPUk4An9TToDFe_
age: 565
access-control-allow-methods: GET, HEAD
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/x-font-ttf
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Thu, 01 Feb 2024 14:50:44 GMT
x-amz-id-2: 5yF44um+I39+IPTsybEMyr3eZ9XA+UDuoxrzx9EJNZRY2F3b60DzSY1TILiEHdT14U71uPo10Qg=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5TR05K3A7NP2KJ
cf-ray: 8db8b056acaf5dd9-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 170504
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 6569c2d88d994c80155279c5_Menlo_circle-arrow%E2%80%94Transparent.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 428 B
891 B 123ms
116ms Image
image/svg+xml 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6569c2d88d994c80155279c5_Menlo_circle-arrow%E2%80%94Transparent.svg
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 889d25db4b8baec5af49f52ba44f9aabf5d3ed27620850a9fd1645746dd76668

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"684db38c541a2e1cbfaf34c61d643ed8"
x-amz-version-id: OTQZHJDi9C8m5Sp0xUE2N0Mz_8m_sV6H
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/svg+xml
last-modified: Fri, 01 Dec 2023 11:28:41 GMT
vary: Accept-Encoding
x-amz-id-2: O6LhSULTvJVkzjf5yj0LQUzbmhnWwKHlWIxpw5gONJSQT7bMlxTg61EHYBq+fPtcSueTtxk5mXY=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5Q3HQQ8ZH2GXEF
cf-ray: 8db8b0569e831066-HKG
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 6564ef8254ba69f9582df989_menlo-logo-new.png
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 7 KB
8 KB 125ms
118ms Image
image/png 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef8254ba69f9582df989_menlo-logo-new.png
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca681b2b9b415d35f4ceef886b26398a76b29856294f94751f910f44dc8e14e7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cf-cache-status: HIT
etag: "0c2965a583039629321663d795f35155"
x-amz-version-id: 6oM0EjA5C1tlifHw4zqf2v1C6h_csXyZ
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/png
last-modified: Mon, 27 Nov 2023 19:35:31 GMT
vary: Accept-Encoding
x-amz-id-2: XeNvaZVGAsfD6mooGHJdmhNx3B9dUctG0Gzm7exIeCY/NHYrF4SdzcwHIzjKXXawPJ6JfwT7deU=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5QR7W1FFVXS6JK
cf-ray: 8db8b0569e841066-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7413
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 66ad619b81509e4a6841a53d_Open_Redirect_Phishing_Blog-p-1600.png
cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/ 100 KB
101 KB 542ms
535ms Image
image/png 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ad619b81509e4a6841a53d_Open_Redirect_Phishing_Blog-p-1600.png
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b08fb35a5f56a160b5455b172cac37afa8a18da00e4e2884b3c19790d637ae2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cf-cache-status: EXPIRED
etag: "e5b32875cbe84bb5ba71d603a56f904f"
x-amz-version-id: l0CJHTW6lYQRpfddeyedv38DuMcuxlhh
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: image/png
last-modified: Fri, 02 Aug 2024 22:45:51 GMT
vary: Accept-Encoding
x-amz-id-2: EqmKZh+zjPINgP2Ii3KGUSJZTa84GPUe7zxVq1SwQ3CCZrX1C0JVH/qPCDSth+xgVf+Wk6EVrtjVSrasXVBcG8GjlXOgnOv+FN86DnzxkZw=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: V0GMYN40Y3MEJRPB
cf-ray: 8db8b0569e861066-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 102540
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 66ac273c0c88bc05a9a79af9_66ac23f4d71c1540865a4e0b_Fake%2520_Amazon-Securty_Alert_email%25402x.png
cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/ 155 KB
156 KB 437ms
430ms Image
image/png 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ac273c0c88bc05a9a79af9_66ac23f4d71c1540865a4e0b_Fake%2520_Amazon-Securty_Alert_email%25402x.png
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f402adb6d872721d16ac6d180640bc134f0d3001f57c5a1b2fbf3ea5f18aaea

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cf-cache-status: EXPIRED
etag: "aec569d1bd70234864be0a4d54cd3b83"
x-amz-version-id: zWaXp0_xxTfPAdkC6cZWEDNV1VeL.9Bo
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/png
last-modified: Tue, 20 Aug 2024 08:54:34 GMT
vary: Accept-Encoding
x-amz-id-2: ln+4fiFaW8DOujx5LLvcojqEVz+uwLqfXFen1/RM6FRGZb3xOs6zZz4UTWfXGTtjR5U/ObemPpB6DCMkJxIDF8jAijckA3U2wXU9oZPD/Og=
cache-control: max-age=84600, must-revalidate
x-amz-request-id: V0GWWT1HGWH8RK99
cf-ray: 8db8b0569e881066-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 158830
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 66ad5f8e4db6581a0b0d50fc_66ad5e4e0cb9e4274bfab983_GoogleDraw_Redirect_Phishing_Chain.png
cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/ 430 KB
430 KB 512ms
505ms Image
image/png 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ad5f8e4db6581a0b0d50fc_66ad5e4e0cb9e4274bfab983_GoogleDraw_Redirect_Phishing_Chain.png
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d174b4fd89816f5bbc83cc796feecab85ae373950f2eedaa4899e4929eeb3f6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cf-cache-status: EXPIRED
etag: "13ca98c25a2cfb79f5cf5e3bdacfe42e"
x-amz-version-id: b03df1utsr_6irj0N9HQT0KbD2te3dY7
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: image/png
last-modified: Tue, 20 Aug 2024 08:54:34 GMT
vary: Accept-Encoding
x-amz-id-2: zZmfXxuOG3y7U3oxLZr799bkedkrJSbBFpkEIfa8/KmZYd9PdoM1g8Vrah92QIZIzJ/zPt8KN+by9fFJdk6wZX5e+fSxeBJ0zS67sShzYi4=
cache-control: max-age=84600, must-revalidate
x-amz-request-id: V0GHB9AG8KWVH76H
cf-ray: 8db8b0569e891066-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 439945
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 66ac2a1ef01e957976cd8815_66ac24aa6f8998d5b8c3c752_Zero-hour%2520Open%253ARedirect%2520_Pic%25202.png
cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/ 51 KB
51 KB 480ms
473ms Image
image/png 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ac2a1ef01e957976cd8815_66ac24aa6f8998d5b8c3c752_Zero-hour%2520Open%253ARedirect%2520_Pic%25202.png
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 528e3cc972ef7f6c2812f86e137869f6ced78785f98900aed1278f1b5a726bd9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cf-cache-status: EXPIRED
etag: "14fe21f7ab5876dbb32768b926238877"
x-amz-version-id: 6MmX1ML10AgzlFMMC4WS5dZCMrt1RPFw
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: image/png
last-modified: Tue, 20 Aug 2024 08:54:34 GMT
vary: Accept-Encoding
x-amz-id-2: 9b8F2+5FiZTMX7RX6cihXWnJuFlC2QmbW6YFZKuMFoUDn1Jsuuk2R/tWVDVpESqtD7HqUHptfPN+6oE/WjUC8ZsGU1p5R4sGCIZBHz/Yfak=
cache-control: max-age=84600, must-revalidate
x-amz-request-id: V0GKJT6SQZHSBW31
cf-ray: 8db8b0569e8a1066-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 52065
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 66ac2a1ef01e957976cd881d_66ac2523a33e505e7c1a31dc_Zero-hour%2520Open%253ARedirect%2520_Pic%25203.png
cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/ 248 KB
249 KB 652ms
646ms Image
image/png 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ac2a1ef01e957976cd881d_66ac2523a33e505e7c1a31dc_Zero-hour%2520Open%253ARedirect%2520_Pic%25203.png
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b2f97a83181796ad19a73f1b95d34632ab8db56d9f33f09cfff0ad799ef6bde

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cf-cache-status: MISS
etag: "a2e42b92c94cf0d3c2de5ee2455064b6"
x-amz-version-id: THgcn.SkUsMapnxntar1ZElVA55.ueXo
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: image/png
last-modified: Tue, 20 Aug 2024 08:54:34 GMT
vary: Accept-Encoding
x-amz-id-2: 0MhUR32I26LSA+la8VGzT0QDEX2NL0egdGX9ZwAwcg3LZ2Zo7yICUaJQCY9ec2YViTLsEffNNPhLz9YEbX0pyNmSofybz/VkBVHgbNZ29/o=
cache-control: max-age=84600, must-revalidate
x-amz-request-id: V0GRM7YNNXQYZ5X4
cf-ray: 8db8b056ae8c1066-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 254003
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 6564ef5d3a4cb7b5ea3a9057_LinkedIn_white_line_icon.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 2 KB
2 KB 78ms
71ms Image
image/svg+xml 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef5d3a4cb7b5ea3a9057_LinkedIn_white_line_icon.svg
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1214dfeb93c377d705ff4e3fa4026b177b09bd78db8c58fec8bed76042b22cb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"3649d7f32b11c2eeaf07d7c3e255b3e4"
x-amz-version-id: AcNyFpFI8aAA28ygKmwAtygggpeL.GKB
age: 560
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/svg+xml
last-modified: Mon, 27 Nov 2023 19:34:54 GMT
vary: Accept-Encoding
x-amz-id-2: 53r6f6DTQtmA2YPT+hRabRGIXO5w36TtY1EvBRYtcZmGer++K1wG01WJA8tA0o0P8Mi++y9AzoE=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5PYZ5AXFARTNM4
cf-ray: 8db8b056ae8e1066-HKG
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 6564ef5d3a4cb7b5ea3a9056_Twitter_X_white_line_icon.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 2 KB
2 KB 388ms
381ms Image
image/svg+xml 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef5d3a4cb7b5ea3a9056_Twitter_X_white_line_icon.svg
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb1bf908b6409ef06648805751d0ab2b5266bb25cd8649f42ebdb555dba577d1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"ec3df19575f6b8918daab65f4a4395fe"
x-amz-version-id: LRWTCcxe1O67SFrUHw2p7xzNiJE9t1LM
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/svg+xml
last-modified: Mon, 27 Nov 2023 19:34:54 GMT
vary: Accept-Encoding
x-amz-id-2: NBEuglDE/oGH5vXosksEKPxvlYjk/+G2tEZd73oIiHg7C1IGLqiGyExvi61iXiJ3d5xA/j1EuHA=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5JS776S84K3XWM
cf-ray: 8db8b056ae8f1066-HKG
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 6564ef5d3a4cb7b5ea3a9055_FaceBook_white_line_icon.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 2 KB
2 KB 135ms
128ms Image
image/svg+xml 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef5d3a4cb7b5ea3a9055_FaceBook_white_line_icon.svg
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 573a481f2f09d26d3f240670b5e8fe7c9660e34b8b436bf6b40edf291e9e410d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"c306b7effae56674b98577f22bb9f84f"
x-amz-version-id: o7JKEdLK6GcbVtAiHBiLffzSk0uBmM7J
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/svg+xml
last-modified: Mon, 27 Nov 2023 19:34:54 GMT
vary: Accept-Encoding
x-amz-id-2: rQnMsdGY/oqxsGoPRtf8zaX7tXvKOkQh/oNiQhGqF8ClFe5AaXS8ojkaVuD2XyrXmtLTIwZpV4I=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5PYQBKEN5WSH25
cf-ray: 8db8b056ae911066-HKG
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 659c987cfb5d1e96866d5723_email_white_line_icon.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 2 KB
2 KB 388ms
381ms Image
image/svg+xml 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/659c987cfb5d1e96866d5723_email_white_line_icon.svg
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ded09789782fad99733cac6a94fc617f55aae1605849fa40c2b21db8a5eec34

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"6bb63141af64165f33d46a4826528814"
x-amz-version-id: fG1pMh0vPM9GwN628Hq8vJ4YzhiRfPiK
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/svg+xml
last-modified: Tue, 09 Jan 2024 00:51:10 GMT
vary: Accept-Encoding
x-amz-id-2: dEHBQFj4PaNbG8hbDQHrrrGUn0xvDq6IWilpuXTk/cuBnwTAJKb4kl1Grqqu0rIOOz4tvozsK9M=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5Z3Z3J3JHQM5BS
cf-ray: 8db8b056ae921066-HKG
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 671a70166a92c2b4beb7894a_Brief_Browsing-Forensics-with-HEAT-Shield.png
cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/ 113 KB
114 KB 386ms
380ms Image
image/png 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/671a70166a92c2b4beb7894a_Brief_Browsing-Forensics-with-HEAT-Shield.png
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93d422c94e254e573a0d094a63c2a57c089c769bd92472e1d60c55c6e27d57aa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cf-cache-status: HIT
etag: "501a9bcf640cbba7bdddb6354e748772"
x-amz-version-id: sEFeuciQNSaZfyYH7Gnml701.fY5vh9l
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/png
last-modified: Thu, 24 Oct 2024 16:04:40 GMT
vary: Accept-Encoding
x-amz-id-2: xCncgQtUg3UgiKaFamSiDqbd6K6p3BbIkW05mU6lbSEDx6oxC4BR9qPw3M0fW9vdMumtZuRWNNI=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5ZF1RPY3QEZ45Z
cf-ray: 8db8b056ae931066-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 115614
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 6569c1ab2800036a4d82da3e_Menlo_circle-arrow%E2%80%94Orange.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 431 B
882 B 417ms
411ms Image
image/svg+xml 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6569c1ab2800036a4d82da3e_Menlo_circle-arrow%E2%80%94Orange.svg
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b6e95be24a1a3898f651bec06bb95389d379b49b1f1b0f9a1f4f9fdfb12bc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"542e4012b8e5a35ffab762743a6519df"
x-amz-version-id: KAN4xukQJ9M_c85FEWZgwpefEOgAmQid
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/svg+xml
last-modified: Fri, 01 Dec 2023 11:21:17 GMT
vary: Accept-Encoding
x-amz-id-2: +Y1P6FIyqfn84ICaAdwaw4ES82v9y+cfnYe8gJHFnABH5edaVwUu184JCwIMIIGqFfvv4U2Y/I8=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5RCPJS361VW5MV
cf-ray: 8db8b056ae941066-HKG
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 worker-ec801144d32aa276144ce1be2e3a68a1br.js Show response
dev.visualwebsiteoptimizer.com/cdn/edrv/ 264 KB
64 KB 19ms
6ms XHR
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/edrv/worker-ec801144d32aa276144ce1be2e3a68a1br.js
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 5fcfed8a8e5a83133a754733331d975d9dd6ce8c914b5254c38c0649b446648b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=+fCq4g==, md5=fG8h7gv1T6R0f4+R1/447Q==
etag: "7c6f21ee0bf54fa4747f8f91d7fe38ed"
age: 242031
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 65179
date: Tue, 29 Oct 2024 07:56:04 GMT
last-modified: Tue, 29 Oct 2024 06:48:30 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AHmUCY3ewyfkrBi1fqAEM5-KjQ5HRVaYO8vzIcVIA8eNGJOAxmRzrC1teQwBIwzY45Jj_TLRONBIgyAf8g
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730184510723850
content-length: 65179
content-language: en
server: UploadServer

GET
H3 200 va_gq-b1afa1aae2b2cf254ad788339141d3b5br.js Show response
dev.visualwebsiteoptimizer.com/cdn/edrv/ 275 KB
71 KB 23ms
10ms XHR
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/edrv/va_gq-b1afa1aae2b2cf254ad788339141d3b5br.js
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 4306729a57aea0a73818aca0a3e72917358f17a8dd6e5684d444712f856b0af5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=3sRjaQ==, md5=3IJr2MJgBbL95lk1vrT+3w==
etag: "dc826bd8c26005b2fde65935beb4fedf"
age: 56258
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 73017
date: Thu, 31 Oct 2024 11:32:17 GMT
last-modified: Tue, 29 Oct 2024 11:43:28 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AHmUCY3ahjvhtHsBNS-HxmTHVsjDLylYYHUkN6afBvefFz3CWIMMwvbCP27oXTsWtyHhJAm_i54vJ3PJuw
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730202208352385
content-length: 73017
content-language: en
server: UploadServer

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
146 B 242ms
241ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=910208&d=menlosecurity.com&u=D7095C0AF2BBE2FA6529BCCF636B8F01A&h=3ea28b42b1437b15be5322d78da18daa&t=false

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv02c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: public, max-age=43200
x-content-type-options: nosniff
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/gif
server: gnv02c

POST
H3 200 collect
www.google.com/ccm/ 0
0 32ms
12ms Ping
text/plain 74.125.24.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&scrsrc=www.googletagmanager.com&frm=0&rnd=458554353.1730430596&auid=530064321.1730430596&npa=0&gtm=45He4au0v830118234za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&tft=1730430595667&tfd=700&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 74.125.24.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sf-in-f99.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 431 KB
135 KB 104ms
101ms Script
application/javascript 2404:6800:4003:c01::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c01::61 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ce1396c7561b874d91159e5e0fafa5b32f2ff0e30463d778f0dfa919ccb7da1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 01 Nov 2024 03:09:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 137667
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 9d098b8d-9cde-40ee-beab-3b850059beba.js Show response
j.6sc.co/j/ 4 KB
2 KB 944ms
898ms Script
application/javascript 23.44.4.160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/9d098b8d-9cde-40ee-beab-3b850059beba.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.44.4.160 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-44-4-160.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2a4274b3cc3e0f1c657d92cd91051243635cf08951925f7dabcf24ce7005b0d0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: gzip
etag: "a78e9f870ad4c64f810b2020cca5d9ee"
x-amz-version-id: 2xVIr_VLK.K69VKXDZbBKfWOdjNXST5u
expires: Fri, 01 Nov 2024 03:39:56 GMT
x-amz-cf-id: f1GYA2gsxocAFwXPFKPRMF9Hv6Cj7DD8m5qFdrHrdYk6nmdUWfp6oA==
date: Fri, 01 Nov 2024 03:09:56 GMT
last-modified: Thu, 04 Jan 2024 00:00:45 GMT
vary: Accept-Encoding
content-type: application/javascript
x-amz-meta-content-type: application/json
cache-control: private, max-age=1800
accept-ranges: bytes
content-length: 1456
x-amz-cf-pop: SIN2-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 57 KB
16 KB 750ms
251ms Script
application/javascript 151.101.20.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.20.157 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "4328e910de583ad53b3a7a76455af005+gzip+gzip"
accept-ranges: bytes
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15926
date: Fri, 01 Nov 2024 03:09:56 GMT
x-tw-cdn: FT
last-modified: Tue, 29 Oct 2024 20:04:45 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kcgs7200099-IAD, cache-bfi-krnt7300023-BFI
x-amz-server-side-encryption: AES256

GET
H2 200 hotjar-1854968.js Show response
static.hotjar.com/c/ 13 KB
5 KB 252ms
208ms Script
application/javascript 108.156.133.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1854968.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.156.133.37 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-156-133-37.sin2.r.cloudfront.net

Software

Resource Hash

7e427014365514b080f1644ab8f7e6bc3700c2f9bdc5ecf4b9d7f77efdd1a33e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
content-encoding: br
etag: W/6dcd39445ecdd4116d35a44e8bc9b221
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-cache-hit: 1
via: 1.1 27f668bcd09435386d2434e95a56f7d6.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amz-cf-id: hu73_rsIvKpPFz1qrVU77NXEPTEiS8urVk9D3dXH3S1Gw8pWd-SyDA==
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: SIN2-P4

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 282 KB
97 KB 55ms
48ms Script
application/javascript 2404:6800:4003:c01::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-684820168&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c01::61 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1ccb55e180b6008bb80e0d12668fd55ab1da436595b815ace9c20b41e8eb0bcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Fri, 01 Nov 2024 03:09:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 99481
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 203ms
58ms Script
application/javascript 2403:e800:e80b::2a63:8c8b
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2403:e800:e80b::2a63:8c8b , Hong Kong, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),

Reverse DNS

Software

Resource Hash

4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: max-age=10260
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Fri, 01 Nov 2024 03:09:55 GMT
last-modified: Thu, 22 Aug 2024 11:06:54 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 243 KB
87 KB 23ms
17ms Script
application/javascript 2404:6800:4003:c01::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10976805707&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c01::61 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6d041e5db3e386dbb35073702927111e65871075c34b65aa796e910b39463c6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Fri, 01 Nov 2024 03:09:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 89185
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 105ms
33ms Script
application/x-javascript 57.144.144.128
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.144.128 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin11.fbcdn.net

Software

Resource Hash

b1b27d92de22d509ebd21de47d14975728928e881bd6c9d1695cc5d38f2942bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-lLMoJc5Q' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-lLMoJc5Q' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=23, rtx=0, c=23, mss=1232, tbw=4452, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: LovmmKPgMS5/ENJPDmVDEtYpr7hd1FBGwIN9Kl54DSbz6SC+vyrVAY4eB20od1LqiCgXEoy1bM4UE9ONZ9i88Q==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62068
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 66ms
25ms Script
application/x-javascript 23.15.110.65
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.15.110.65 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-15-110-65.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 57d030752d740552eb7759a0dd8e487e96ca86b03c0aa53a7e2b1c213ae74f5f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

Content-Encoding: gzip
ETag: "49bb20382072bfb6b798a6f4c6ab8354:1730261707.305765"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 746
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date: Fri, 01 Nov 2024 03:09:55 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 30 Oct 2024 04:15:07 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H2 200 widget.js Show response
app.hushly.com/runtime/ 1 KB
2 KB 708ms
248ms Script
text/javascript 35.83.31.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hushly.com/runtime/widget.js?aid=83162

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.83.31.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-83-31-139.us-west-2.compute.amazonaws.com

Software

Resource Hash

286df06f268fa067213350c826e4c21c62bc0ed7635d099875b11679adbd95b3

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
expires: Thu, 01 Jan 1970 00:00:00 GMT
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: text/javascript;charset=utf-8

GET
H2 200 trrsm2wf4gwm.js Show response
js.driftt.com/include/1730430600000/ 221 KB
62 KB 1053ms
948ms Script
application/javascript 13.33.30.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1730430600000/trrsm2wf4gwm.js

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.30.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-30-93.sin2.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e96abb18e70acf14065e3bacb0dbd6942579a85d3d69d9d7551bea9c627ca3a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: gzip
x-amz-version-id: px8T70IzhuJ6oS1M7izBjK7Y8.9uRoPx
etag: W/"182931eb99afb01276b448d2f7bd627d"
access-control-allow-methods: GET, POST, OPTIONS
x-cache: Miss from cloudfront
x-amz-cf-id: PiFEyVYOPDJcpnQfN25eNhSC_6nGxEmmLR8qLV7lwm1F6pqv_dWamg==
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 11 Oct 2024 18:47:07 GMT
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache
x-envoy-upstream-service-time: 59
access-control-allow-credentials: true
via: 1.1 475d669d6a669094dfa09def007f90d6.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SIN2-P1
server: istio-envoy
x-amz-server-side-encryption: AES256

GET
H2 200 fullcircle.js Show response
d2i34c80a0ftze.cloudfront.net/ 32 KB
11 KB 907ms
286ms Script
application/json 2600:9000:21f8:b000:9:14eb:6280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f8:b000:9:14eb:6280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

5f8ece9fc3c316bd78480ef2f48dc82b47f84a1a2a39ddd4a0fec27a720cae41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-amz-apigw-id: AgT-REaivHcEHIQ=
age: 70390
x-amzn-trace-id: Root=1-6723338e-14ddc56436198e8368d8f864;Parent=28f25c4e05e6bc0c;Sampled=0;Lineage=1:be50798f:0
x-amzn-requestid: 51e03fb5-c5ef-4788-807c-87e481ae92b5
via: 1.1 df7c0ba7857d5300ae11e7566c926f16.cloudfront.net (CloudFront), 1.1 f211f91e8d5cedb9f00541e06f435da2.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-id: 8uUlRFV69o2tX2B6P05eI7k9FCPckDx3FAkVpMQc4Gm98skl-wyAGg==
date: Thu, 31 Oct 2024 07:36:46 GMT
content-type: application/json
x-amz-cf-pop: FRA56-C1, TLV50-C1
vary: Accept-Encoding

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 138ms
48ms Script
text/javascript 2606:4700::6812:1247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1247 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: public, max-age=1200
content-encoding: br
cf-bgj: minify
cf-cache-status: HIT
age: 38494
via: 1.1 google
cf-ray: 8db8b0580f8744ba-SIN
expires: Fri, 01 Nov 2024 03:29:55 GMT
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: text/javascript
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
vary: Accept-Encoding
server: cloudflare

GET 8d3d6c49-3822-4a47-a552-e11867235d28
https://www.menlosecurity.com/ Frame 0
0

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame 07DD 0
0 85ms
12ms Document
text/html 2404:6800:4003:c01::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.menlosecurity.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c01::61 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 9044
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Nov 2024 00:39:11 GMT
expires: Sat, 01 Nov 2025 00:39:11 GMT
last-modified: Mon, 21 Oct 2024 16:58:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s.gif
dev.visualwebsiteoptimizer.com/ 35 B
53 B 271ms
271ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/s.gif?account_id=910208&u=D7095C0AF2BBE2FA6529BCCF636B8F01A&s=1730430594&ed=%7B%22sr%22%3A%221600x1200%22%2C%22sc%22%3A24%2C%22de%22%3A%22UTF-8%22%2C%22ul%22%3A%22en-sg%22%2C%22r%22%3A%22%22%2C%22lt%22%3A1730430595788%2C%22tO%22%3A-8%2C%22tz%22%3A%22Asia%2FSingapore%22%7D&cu=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&r=0&p=1&cq=0&vn=undefined&vns=undefined&vno=undefined&eTime=1730430594808&v=3faa98f1a

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv02c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
x-content-type-options: nosniff
via: 1.1 google
expires: Mon, 10 Jan 2005 00:00:01 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: image/gif
server: gnv02c

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10976805707/ 6 KB
2 KB 60ms
19ms Script
text/javascript 74.125.24.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10976805707/?random=1730430595831&cv=11&fst=1730430595831&bg=ffffff&guid=ON&async=1&gtm=45be4au0v899189876z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10976805707&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f154.1e100.net

Software

cafe /

Resource Hash

55bffe59c98978287a621961a6c501ca960b23c26ee836266fc367917325b003

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2432
date: Fri, 01 Nov 2024 03:09:55 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 10976805707
td.doubleclick.net/td/rul/ Frame 5D04 0
0 42ms
22ms Document
text/html 2404:6800:4003:c01::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/10976805707?random=1730430595831&cv=11&fst=1730430595831&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v899189876z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10976805707&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c01::9b Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.menlosecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Nov 2024 03:09:55 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 9ms
9ms Script
application/x-javascript 23.15.110.65
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.15.110.65 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-15-110-65.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

Cache-Control: max-age=8640000
Content-Encoding: gzip
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Connection: keep-alive
Expires: Sun, 09 Feb 2025 03:09:55 GMT
Accept-Ranges: bytes
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Length: 4741
Date: Fri, 01 Nov 2024 03:09:55 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/684820168/ 43 B
62 B 18ms
17ms Script
text/javascript 74.125.24.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/684820168/?random=1730430595903&cv=11&fst=1730430595903&bg=ffffff&guid=ON&async=1&gtm=45be4au0v9172607130z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&rdp=1&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-684820168&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f154.1e100.net

Software

cafe /

Resource Hash

77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 37
date: Fri, 01 Nov 2024 03:09:55 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 684820168
td.doubleclick.net/td/rul/ Frame 7251 0
0 17ms
17ms Document
text/html 2404:6800:4003:c01::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/684820168?random=1730430595903&cv=11&fst=1730430595903&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v9172607130z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&rdp=1&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-684820168&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c01::9b Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.menlosecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Nov 2024 03:09:55 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 1626328370711236 Show response
connect.facebook.net/signals/config/ 76 KB
15 KB 253ms
252ms Script
application/x-javascript 57.144.144.128
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1626328370711236?v=2.9.175&r=stable&domain=www.menlosecurity.com&hme=ead923021ccd3483ef3b9b04703d0a78b943fbdc01e8d7cec21c5059f1f4a5e9&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C194%2C193%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

57.144.144.128 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin11.fbcdn.net

Software

Resource Hash

e15a6c28d823d04b27f738d1397d5a727d2e1a2a2ac288e512f6b203fa5cb04f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-BZehXYtE' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-BZehXYtE' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=76, mss=1232, tbw=70274, tp=66, tpl=0, uplat=215, ullat=0
pragma: public
x-fb-debug: A85sn2mYxjYOYwWmOGE/DedJAEI2enQG120pHscvUbAmpDByaJma5g1LIuQ/yNSd1sWbWtji94ZTjYmIThbMcQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 204 collect
analytics.google.com/g/ 0
0 123ms
14ms Fetch
text/plain 2404:6800:4003:c1c::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-C2G0PCSJKE&gtm=45je4au0v868642232z8830118234za200zb830118234&_p=1730430595547&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&cid=1219144783.1730430596&ecid=1636916591&ul=en-sg&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&ec_mode=a&_eu=EA&_s=1&sid=1730430596&sct=1&seg=0&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&dt=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1126
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4003:c1c::71 Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.menlosecurity.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
549 B 122ms
13ms Ping
text/plain 2404:6800:4003:c02::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-C2G0PCSJKE&cid=1219144783.1730430596&gtm=45je4au0v868642232z8830118234za200zb830118234&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4003:c02::9a Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.menlosecurity.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 rul
td.doubleclick.net/td/ga/ Frame 20CE 0
0 60ms
58ms Document
text/html 172.217.194.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-C2G0PCSJKE&gacid=1219144783.1730430596&gtm=45je4au0v868642232z8830118234za200zb830118234&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1193359782

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.menlosecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Nov 2024 03:09:56 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ga-audiences
www.google.com.sg/ads/ 42 B
408 B 103ms
24ms Image
image/gif 2404:6800:4003:c1a::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.sg/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-C2G0PCSJKE&cid=1219144783.1730430596&gtm=45je4au0v868642232z8830118234za200zb830118234&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1977748921

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1a::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 01 Nov 2024 03:09:56 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
763 B 291ms
223ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=474058&time=1730430596150&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: *
Referer: https://www.menlosecurity.com/

Response headers

x-li-pop: afd-prod-ltx1-x
content-encoding: gzip
x-fs-uuid: 000625d14500aff422c558396df72ddb
x-msedge-ref: Ref A: 11E5FDE330DF4B2FA7EB8E7FA003724C Ref B: SIN30EDGE0721 Ref C: 2024-11-01T03:09:56Z
x-li-fabric: prod-ltx1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYl0UUAr/QixVg5bfct2w==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Fri, 01 Nov 2024 03:09:55 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whats...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whats...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D474058%26time%3D1730430596150%26li_adsId%3Ddf8b3ca6-3ddb-4236-b760-bee21d6b4ac5%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whats...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-what...

0
489 B

291ms
253ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true&liSync=true&e_ipv6=AQKlrGP3uxtt3AAAAZLls3fqGp13YJ7l-e0vChLslSpKNi8L6Eq-nqnOGtL88eBf5xdVEUY2kp67
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: D887B798D4264ED5BD1B6D5979BB1CFB Ref B: SIN30EDGE0410 Ref C: 2024-11-01T03:09:57Z
x-li-fabric: prod-lva1
x-li-uuid: AAYl0UUQmbSfp/nLW7NHQA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true&liSync=true&e_ipv6=AQKlrGP3uxtt3AAAAZLls3fqGp13YJ7l-e0vChLslSpKNi8L6Eq-nqnOGtL88eBf5xdVEUY2kp67
x-msedge-ref: Ref A: 9453627B47214F6ABB077B7A12EE9F5C Ref B: SIN30EDGE0520 Ref C: 2024-11-01T03:09:56Z
x-li-fabric: prod-lva1
x-li-uuid: AAYl0UUMUumIXVJ/z4tDNQ==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 01 Nov 2024 03:09:56 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
442 B 238ms
237ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16648054&r=1730430596152&ref=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
ibc_rate_tier: 16648054
Referer: https://www.menlosecurity.com/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-encoding: identity
expires: Fri, 01 Nov 2024 04:09:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 43
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: image/gif
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
vary: Origin
x-guploader-uploadid: AHmUCY2TLH8JNWZGcnNMDFGLKuulq__UHSiAktdieGARavknXeNJ_V6VqIhrox-_iiSUjvW8pN0
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1670534369365034
content-length: 43
server: nginx/1.20.2

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 302ms
236ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16648054&r=1730430596152&ref=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.menlosecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 01 Nov 2024 03:09:56 GMT
expires: Fri, 01 Nov 2024 03:09:56 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: AHmUCY33p-1QHJ-PyWtxl-Afnk5iKckUxgZOLi1ILNjZl6pbgrATbLvucjLKJFCLpjTkRruXf1g

POST
H/1.1 200
OK visitWebPage
281-owv-899.mktoresp.com/webevents/ 2 B
318 B 1455ms
189ms Ping
text/plain 192.28.147.68
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://281-owv-899.mktoresp.com/webevents/visitWebPage?_mchNc=1730430596154&_mchCn=&_mchId=281-OWV-899&_mchTk=_mch-menlosecurity.com-1730430596153-67723&_mchHo=www.menlosecurity.com&_mchPo=&_mchRu=%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

Transfer-Encoding: chunked
X-Request-Id: ce2f2743-d062-4b71-9696-f50549ae2f54
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Origin: *
Date: Fri, 01 Nov 2024 03:09:57 GMT
Content-Type: text/plain; charset=UTF-8
Server: nginx/1.20.1

GET
H3 200 /
www.google.com/pagead/1p-user-list/10976805707/ 42 B
64 B 45ms
44ms Image
image/gif 74.125.24.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10976805707/?random=1730430595831&cv=11&fst=1730430000000&bg=ffffff&guid=ON&async=1&gtm=45be4au0v899189876z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7drfAl5ISfYfrsTqGeNIVHG3mE4e8YVQ&random=4248621372&rmt_tld=0&ipr=y

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.24.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f99.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 01 Nov 2024 03:09:56 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 /
www.google.com.sg/pagead/1p-user-list/10976805707/ 42 B
154 B 31ms
30ms Image
image/gif 2404:6800:4003:c1a::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.sg/pagead/1p-user-list/10976805707/?random=1730430595831&cv=11&fst=1730430000000&bg=ffffff&guid=ON&async=1&gtm=45be4au0v899189876z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7drfAl5ISfYfrsTqGeNIVHG3mE4e8YVQ&random=4248621372&rmt_tld=1&ipr=y

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1a::5e Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Fri, 01 Nov 2024 03:09:56 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 modules.625495a901d247c3e8d4.js Show response
script.hotjar.com/ 221 KB
55 KB 57ms
10ms Script
application/javascript 108.157.254.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.625495a901d247c3e8d4.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1854968.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.254.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-254-81.sin2.r.cloudfront.net

Software

Resource Hash

c0d57eff0936a57e0c8d6bc93314585c734e5ade88d6de970e1e305ae5d87224

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

x-robots-tag: none
content-encoding: br
etag: "862c1be6e71cd836a43ce679991261fd"
age: 299209
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: xSjV7hs_nguiyRO2GS0RCSx4VdObbLpLJgYW3uYmYYwSDpgFy_4gTg==
date: Mon, 28 Oct 2024 16:03:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 28 Oct 2024 16:02:55 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 28831e33c2b6b14bc20bb534d284147a.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56056
x-amz-cf-pop: SIN2-P3

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 45ms
6ms Image
text/plain 2a03:2880:f348:1:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1626328370711236&ev=PageView&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&rl=&if=false&ts=1730430596342&sw=1600&sh=1200&v=2.9.175&r=stable&ec=0&o=4126&fbp=fb.1.1730430596339.979125584821195573&cs_est=true&ler=empty&cdl=API_unavailable&it=1730430596023&coo=false&rqm=GET

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f348:1:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=3, rtx=0, c=10, mss=1297, tbw=2955, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 352ms
314ms Image
image/png 2a03:2880:f348:1:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1626328370711236&ev=PageView&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&rl=&if=false&ts=1730430596342&sw=1600&sh=1200&v=2.9.175&r=stable&ec=0&o=4126&fbp=fb.1.1730430596339.979125584821195573&cs_est=true&ler=empty&cdl=API_unavailable&it=1730430596023&coo=false&rqm=FGET

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f348:1:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src 'report-sample' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7432142819923046825"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: 934MHs8Y4PF8RtYB/G/lecHlZIbw7E42/F+q05CbWhx/23uxdOjVuPkrJ6LQtpqgHg3hAtQPgjAfJQD+70vq7w==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7432142819923046825", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=4, rtx=0, c=14, mss=1297, tbw=3272, tp=-1, tpl=-1, uplat=308, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H2 200 widget-24484d4203334d7eab77aca1c755ba1e.js Show response
app.hushly.com/assets/ 1 MB
293 KB 414ms
414ms Script
text/javascript 35.83.31.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.hushly.com/assets/widget-24484d4203334d7eab77aca1c755ba1e.js
Requested by: Host: app.hushly.com
URL: https://app.hushly.com/runtime/widget.js?aid=83162
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.83.31.139 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-83-31-139.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 3faeacebd26ec01d6f194b404ea22fc23af6cef08be5d4b345026feba2494717

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: gzip
etag: "widget-24484d4203334d7eab77aca1c755ba1e.js"
content-length: 299192
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 22 Oct 2024 10:30:52 GMT
vary: Accept-Encoding

GET
H2 200 adsct
t.co/i/ 43 B
628 B 330ms
240ms Image
image/gif 172.66.0.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&dv=Asia%2FSingapore%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=8af539ad-df52-4377-b650-c5dbf9aa83a1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=4bedaf28-2947-4493-8d24-c2d574017e4a&tw_document_href=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nx5nr&type=javascript&version=2.3.31

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_m /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

strict-transport-security: max-age=0
x-transaction-id: 2e4ab3a4ef36ed68
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 0ac10d29cf4d69a1c4256361ab0fdf18bce21285492677d20d763df91e63eff1
cf-cache-status: DYNAMIC
cf-ray: 8db8b05c9f7c859d-HKG
x-response-time: 96
content-length: 43
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_m

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
393 B 332ms
167ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&dv=Asia%2FSingapore%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=8af539ad-df52-4377-b650-c5dbf9aa83a1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=4bedaf28-2947-4493-8d24-c2d574017e4a&tw_document_href=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nx5nr&type=javascript&version=2.3.31

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_m /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: 1942cacc5313dff7
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 6a09b782d92e561f02954f520ad4e5d1180a5e0519c8618481e42db615a6b12c
x-response-time: 96
content-length: 43
date: Fri, 01 Nov 2024 03:09:55 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_m

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 28ms
28ms Script
application/javascript 23.44.4.160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/9d098b8d-9cde-40ee-beab-3b850059beba.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.4.160 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-4-160.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66fb91ae-111bb"
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 06:09:56 GMT
accept-ranges: bytes
content-length: 18819
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Tue, 01 Oct 2024 06:07:42 GMT

POST
H2 200 create Show response
st.fullcircleinsights.com/v1/visitors/ 1 KB
2 KB 627ms
621ms XHR
application/json 108.156.133.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://st.fullcircleinsights.com/v1/visitors/create

Requested by

Host: d2i34c80a0ftze.cloudfront.net
URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.156.133.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-156-133-27.sin2.r.cloudfront.net

Software

Resource Hash

f4b4dddf4e41d212292c3714e189ade5e057ed311b0e7f79647eda8a788b1bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.menlosecurity.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
js-version: 1.0.59
x-api-key: uSI2bzqNHv34zA8znmW0LgfsY9TBayMx9gZJf430
origin-fci: https://www.menlosecurity.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-amz-apigw-id: Ai_07GWnvHcEp3g=
x-amzn-trace-id: Root=1-67244685-752f6bd63dd7f1d96f111074;Parent=441639b78932be6d;Sampled=0;Lineage=1:7c392b7c:0
x-amzn-requestid: 6dbde1da-191d-4e44-80c2-662c82c682ae
via: 1.1 01348adbf285860dd21bc52b989abbe4.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.menlosecurity.com
x-cache: Miss from cloudfront
content-length: 1392
x-amz-cf-id: f0Pb8PIvGnt1fOvTngiis1oK-pZluNKiR6SePyQlcyV3JtBHtxTdVA==
date: Fri, 01 Nov 2024 03:09:57 GMT
content-type: application/json
vary: Origin
x-amz-cf-pop: SIN2-P4

OPTIONS
H2 200 create
st.fullcircleinsights.com/v1/visitors/ Frame 0
0 552ms
491ms Preflight
application/json 108.156.133.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visitors/create
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.133.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-133-27.sin2.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: js-version,origin-fci,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.menlosecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.menlosecurity.com
content-length: 1
content-type: application/json
date: Fri, 01 Nov 2024 03:09:57 GMT
via: 1.1 01348adbf285860dd21bc52b989abbe4.cloudfront.net (CloudFront)
x-amz-apigw-id: Ai_02G8dPHcEIrQ=
x-amz-cf-id: j0KWUJhDhEeyORRYz_2Q-MyeAMJhEOQJDlG1Pd2Gzfhs1aRqoTKLFw==
x-amz-cf-pop: SIN2-P4
x-amzn-requestid: 5ba85075-cad4-4314-93da-edffb643d001
x-cache: Miss from cloudfront

GET
BLOB 200
OK a6570f03-17e4-459f-b0bb-4d15af4fbe1d
https://www.menlosecurity.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.menlosecurity.com/a6570f03-17e4-459f-b0bb-4d15af4fbe1d
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif
Content-Length: 43

GET
H2 200 getForm Show response
info.menlosecurity.com/index.php/form/ 22 KB
5 KB 491ms
490ms Script
application/javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://info.menlosecurity.com/index.php/form/getForm?munchkinId=281-OWV-899&form=2571&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&callback=jQuery3710502803333363071_1730430596967&_=1730430596968
Requested by: Host: info.menlosecurity.com
URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 210e8c047dcf1b3737817afe8b156cbce1d84b9eb74f8c73479ee053128de901

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cf-ray: 8db8b05f5b208527-HKG
cached: true
content-encoding: gzip
date: Fri, 01 Nov 2024 03:09:57 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: cloudflare

GET
H3 200 6564ef5d3a4cb7b5ea3a9059_Footer_grad_background_01.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 963 B
926 B 109ms
109ms Image
image/svg+xml 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef5d3a4cb7b5ea3a9059_Footer_grad_background_01.svg
Requested by: Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24f95156ad08aa62d037edcb9140e7525436ae784cb8dbf827e4dd73c049a9c7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"06bc9b55903dee3955c218722211ea0b"
x-amz-version-id: wZrIwSiQ3HB_4mBj4RzB_7r35bkJm7eb
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:57 GMT
content-type: image/svg+xml
last-modified: Mon, 27 Nov 2023 19:34:54 GMT
vary: Accept-Encoding
x-amz-id-2: UVh5dwh6+39apaXUcHMw6U3g06cYxPIn74mZau7AaaRnZjf1MMrikes57lXd1VATS6R889R2LBE=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5J3DBFTP9TFT66
cf-ray: 8db8b05f5ff61066-HKG
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 659d74d1fd14b8b43c2954f8_privacyoptions-gry.png
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 445 B
821 B 105ms
105ms Image
image/png 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/659d74d1fd14b8b43c2954f8_privacyoptions-gry.png
Requested by: Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cce437faf73c67f2163692a58b9a23a154facef1d77fe1ae8ad189659b56a93a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css

Response headers

cf-cache-status: HIT
etag: "b6ed571ffee761eed42633f077351e2f"
x-amz-version-id: qGQd80XCMBzwZfe3ECBhNqfx2KNpdjGz
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:57 GMT
content-type: image/png
last-modified: Tue, 09 Jan 2024 16:31:14 GMT
vary: Accept-Encoding
x-amz-id-2: 4Uq+CuChFHhd+sS6Rnn3M9w/WP90hKGcu/yslgV4VGUPkHN53x1PCjfSuysPfk9UlS+j+6Lo+Gs=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5MQD3Y11NHZTM8
cf-ray: 8db8b05f5ffa1066-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 445
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 nc-7c32c945932fe8ea8030d34017827871br.js Show response
dev.visualwebsiteoptimizer.com/cdn/edrv/ 17 KB
5 KB 34ms
34ms XHR
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/edrv/nc-7c32c945932fe8ea8030d34017827871br.js
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e8a6fd9b02a5a263bec7bb83415f8f6e6f7a6f79d1934f7137005c1b5e055d70

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=3VrJCQ==, md5=IwHwngkLEd7u9y19EUzSgA==
etag: "2301f09e090b11deeef72d7d114cd280"
age: 124195
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 5582
date: Wed, 30 Oct 2024 16:40:02 GMT
last-modified: Tue, 29 Oct 2024 11:44:10 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AHmUCY2RIgbb-m5A5M8eQeoFkHRyPjd1EYbXvssY_nqbHOXjvALu1JSV5CVIJxly0V1YJD7Cb4Y
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730202250769732
content-length: 5582
content-language: en
server: UploadServer

GET
H2 200 79031691.js Show response
extend.vimeocdn.com/ga/ 17 KB
6 KB 76ms
17ms Script
text/javascript 151.101.2.109
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://extend.vimeocdn.com/ga/79031691.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.109 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: gzip
etag: "421e-622567fbeb380-gzip"
age: 3819288
expires: Fri, 15 Sep 2034 22:15:08 GMT
x-cache: HIT
date: Fri, 01 Nov 2024 03:09:57 GMT
last-modified: Tue, 17 Sep 2024 20:26:06 GMT
x-bapp-server: assets-7bdd87c4bd-j86mt
x-cache-hits: 41991
content-type: text/javascript; charset=utf-8
x-served-by: cache-qpg1256-QPG
vary: Accept-Encoding
x-vimeo-dc: ge
cache-control: max-age=86400
timing-allow-origin: *
x-timer: S1730430597.190613,VS0,VE0
via: 1.1 varnish
accept-ranges: bytes
content-length: 5579
server: Apache

GET
H3 200 track-4ef6cfea160b35c6d33fa6584de68830br.js Show response
dev.visualwebsiteoptimizer.com/cdn/7.0/ 16 KB
5 KB 23ms
21ms Script
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/7.0/track-4ef6cfea160b35c6d33fa6584de68830br.js
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: a6b12e0c36072bb8882feece0c7d846b9a18b80ae3a2e3cf9c2572dbe785dd3b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=W+ny6Q==, md5=2DoKxhrq+vPDJghyyvRhHA==
etag: "d83a0ac61aeafaf3c3260872caf4611c"
age: 456372
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 4745
date: Sat, 26 Oct 2024 20:23:45 GMT
last-modified: Thu, 24 Oct 2024 17:14:10 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AHmUCY3LrXc0KYsKjzh5sRlqR6oP92fMW5qFl3BOUwMxdfKhDmbGSj80tJb014n330Xei9xoo8Pqf8Z-dw
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1729790050637377
content-length: 4745
content-language: en
server: UploadServer

GET
H3 200 opa-c1a7e9a804477f7549f85b3ccae89c43br.js Show response
dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/ 157 KB
39 KB 23ms
21ms Script
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-c1a7e9a804477f7549f85b3ccae89c43br.js
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 556b7123db68584c782aec092229f6f325e6b7d78cff2b694f6938059de585f0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=1/aoOA==, md5=IThzl1h5ssURnAz6D1R+RA==
etag: "213873975879b2c5119c0cfa0f547e44"
age: 157597
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 40305
date: Wed, 30 Oct 2024 07:23:20 GMT
last-modified: Mon, 28 Oct 2024 12:39:43 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AHmUCY0l-JGxZV_WG3_hz32FErN-v95b9h1S4titB59H9BquS1swzT2vb7ZxGFlsg76nO-GhsxDdYIWlJw
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730119183664906
content-length: 40305
content-language: en
server: UploadServer

POST
H3 200 s.gif
dev.visualwebsiteoptimizer.com/ 35 B
53 B 231ms
230ms Ping
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://dev.visualwebsiteoptimizer.com/s.gif?account_id=910208&u=D7095C0AF2BBE2FA6529BCCF636B8F01A&s=1730430594&p=1&update=1&cq=1&ttl=30&vn=undefined&vns=undefined&vno=undefined&eTime=1730430596194&v=3faa98f1a&_cu=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exp&random=0.5246805666159833

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv02c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
x-content-type-options: nosniff
via: 1.1 google
expires: Mon, 10 Jan 2005 00:00:01 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
date: Fri, 01 Nov 2024 03:09:57 GMT
content-type: image/gif
server: gnv02c

GET
H3 200 worker-70faafffa0475802f5ee03ca5ff74179br.js Show response
dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/ 46 KB
13 KB 14ms
13ms XHR
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/worker-70faafffa0475802f5ee03ca5ff74179br.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-c1a7e9a804477f7549f85b3ccae89c43br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 09b67475f266dbf552159ca9f6b44d9dc3ea04842b2bd6e8b09d74f6b21897d0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

x-goog-metageneration: 1
content-encoding: br
x-goog-hash: crc32c=t9nekA==, md5=OTBW++nqbotSERjfhuer5A==
etag: "393056fbe9ea6e8b521118df86e7abe4"
age: 247096
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 13401
date: Tue, 29 Oct 2024 06:31:41 GMT
last-modified: Mon, 28 Oct 2024 12:40:09 GMT
content-type: text/javascript; charset=UTF-8
x-guploader-uploadid: AHmUCY3IdwiGApvnt_DWCUU_HRldv1h30hPrCuPJKc7KbtWpFxGZzAb-evf8m5Nuo-km-ZY2jxyoSEaPMw
cdn_cache_status: hit
cache-control: public, max-age=31536000
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730119209004678
content-length: 13401
content-language: en
server: UploadServer

GET
H3 200 s.gif
dev.visualwebsiteoptimizer.com/ 35 B
53 B 231ms
231ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/s.gif?account_id=910208&u=D7095C0AF2BBE2FA6529BCCF636B8F01A&s=1730430594&p=1&tags={%22si%22:{%2211%22:%221%22}}&eg=1&update=1&cq=1&ttl=30&vn=undefined&vns=undefined&vno=undefined&eTime=1730430596265&v=3faa98f1a&_cu=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exp

Requested by

Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv02c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
x-content-type-options: nosniff
via: 1.1 google
expires: Mon, 10 Jan 2005 00:00:01 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
date: Fri, 01 Nov 2024 03:09:57 GMT
content-type: image/gif
server: gnv02c

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
200 B 245ms
243ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.menlosecurity.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: D174B66C9CD44867BE5579A225968F25 Ref B: SIN30EDGE0520 Ref C: 2024-11-01T03:09:57Z
x-li-fabric: prod-lva1
access-control-allow-credentials: true
x-li-uuid: AAYl0UUU3g9g+93W0xIszg==
x-li-proto: http/2
access-control-allow-origin: https://www.menlosecurity.com
x-cache: CONFIG_NOCACHE
date: Fri, 01 Nov 2024 03:09:57 GMT
vary: Origin

GET
H2 200 forms2.css
info.menlosecurity.com/js/forms2/css/ 13 KB
3 KB 61ms
59ms Stylesheet
text/css 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.menlosecurity.com/js/forms2/css/forms2.css

Requested by

Host: info.menlosecurity.com
URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "1e014aa-3437-62370c030d900"
age: 5433
x-content-type-options: nosniff
cf-ray: 8db8b062ce988527-HKG
expires: Fri, 01 Nov 2024 07:09:57 GMT
accept-ranges: bytes
content-length: 2623
date: Fri, 01 Nov 2024 03:09:57 GMT
content-type: text/css
last-modified: Tue, 01 Oct 2024 21:10:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 forms2-theme-plain.css
info.menlosecurity.com/js/forms2/css/ 828 B
331 B 62ms
60ms Stylesheet
text/css 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.menlosecurity.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: info.menlosecurity.com
URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "1e014ad-33c-62370c030d900"
age: 5433
x-content-type-options: nosniff
cf-ray: 8db8b062ce998527-HKG
expires: Fri, 01 Nov 2024 07:09:57 GMT
accept-ranges: bytes
content-length: 246
date: Fri, 01 Nov 2024 03:09:57 GMT
content-type: text/css
last-modified: Tue, 01 Oct 2024 21:10:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1022 B 22ms
9ms Stylesheet
text/css 2404:6800:4003:c05::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway

Requested by

Host: info.menlosecurity.com
URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c05::5f Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

139681a94faa2bc84b1493a573777c22280c12f293b42c3f2d3940dab9467d9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 03:09:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 03:09:57 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Fri, 01 Nov 2024 01:22:43 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 widget-9b581f37c15d0fd98691e1e6ddf2477e.css
app.hushly.com/assets/ 69 KB
12 KB 210ms
210ms Stylesheet
text/css 35.83.31.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.hushly.com/assets/widget-9b581f37c15d0fd98691e1e6ddf2477e.css
Requested by: Host: app.hushly.com
URL: https://app.hushly.com/assets/widget-24484d4203334d7eab77aca1c755ba1e.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.83.31.139 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-83-31-139.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 0300abc1d33b2b4a80e598714896a4f131aaa0c357302b5cc45415eaa84b0fac

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: public, max-age=31536000
content-encoding: gzip
etag: "widget-9b581f37c15d0fd98691e1e6ddf2477e.css"
content-length: 11832
date: Fri, 01 Nov 2024 03:09:57 GMT
content-type: text/css;charset=UTF-8
last-modified: Tue, 22 Oct 2024 10:30:52 GMT
vary: Accept-Encoding

POST
H2 200 83162 Show response
app.hushly.com/runtime/widgets/ 60 B
946 B 656ms
235ms XHR
application/json 35.83.31.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hushly.com/runtime/widgets/83162

Requested by

Host: app.hushly.com
URL: https://app.hushly.com/assets/widget-24484d4203334d7eab77aca1c755ba1e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.83.31.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-83-31-139.us-west-2.compute.amazonaws.com

Software

Resource Hash

a8331d520e307081359e060643052b00e5529d0062b5ce516c251f4da1b9fae2

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.menlosecurity.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex
content-security-policy
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
access-control-allow-origin: https://www.menlosecurity.com
date: Fri, 01 Nov 2024 03:09:58 GMT
content-type: application/json
vary: Accept-Encoding

GET
H2 200 83162 Show response
app.hushly.com/runtime/visitor/ 68 B
803 B 226ms
225ms Script
text/javascript 35.83.31.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hushly.com/runtime/visitor/83162?callback=hushlyVisitorCallback&sid=7e526eca-7c4e-4756-a9de-01ae88ea2d90&vid=e590f7fb-a607-4ccf-b632-cbb800439be1&version=2&hly-ip-address=&_=1730430597475

Requested by

Host: app.hushly.com
URL: https://app.hushly.com/assets/widget-24484d4203334d7eab77aca1c755ba1e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.83.31.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-83-31-139.us-west-2.compute.amazonaws.com

Software

Resource Hash

164a29e80b4330bd2ba7abebbedf41a2e0819fc02e7d8aace8498b274427a174

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex
content-security-policy
cache-control: max-age=31536000, public
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
date: Fri, 01 Nov 2024 03:09:57 GMT
content-type: text/javascript
vary: Accept-Encoding

GET
H2 200 XDFrame Show response
info.menlosecurity.com/index.php/form/ Frame D1AE 2 KB
892 B 855ms
854ms Document
text/html 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.menlosecurity.com/index.php/form/XDFrame

Requested by

Host: info.menlosecurity.com
URL: https://info.menlosecurity.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b43508242f21a59b37bba45231dd25c6c861e079ef05607273c620337e217b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.menlosecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 8db8b0639f458527-HKG
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 01 Nov 2024 03:09:58 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET 9b979d69-e010-4e32-9874-45fda516ca4b
https://www.menlosecurity.com/ Frame 0
0

POST
H2 200 queue Show response
st.fullcircleinsights.com/v1/visits/ 2 KB
2 KB 543ms
542ms XHR
application/json 108.156.133.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://st.fullcircleinsights.com/v1/visits/queue

Requested by

Host: d2i34c80a0ftze.cloudfront.net
URL: https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.156.133.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-156-133-27.sin2.r.cloudfront.net

Software

Resource Hash

0fec3d0d8a30c60d17c2eb66ac1b97c30bdbbf2ff95c41c9c1b2353ae7a7e046

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.menlosecurity.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
js-version: 1.0.59
x-api-key: uSI2bzqNHv34zA8znmW0LgfsY9TBayMx9gZJf430
origin-fci: https://www.menlosecurity.com

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-amz-apigw-id: Ai_1HG9TPHcECjg=
x-amzn-trace-id: Root=1-67244686-249f3ee84a89a7b2206aa283;Parent=0d726aaed00db6d1;Sampled=0;Lineage=1:adebd93c:0
x-amzn-requestid: 1773d475-a5d8-4050-b111-b43a6ce92423
via: 1.1 01348adbf285860dd21bc52b989abbe4.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.menlosecurity.com
x-cache: Miss from cloudfront
content-length: 2058
x-amz-cf-id: Yk3yyAK9569ZTYL2A6jJFLjMGueG7FaXh0R83r0eCYGR381ihyddzA==
date: Fri, 01 Nov 2024 03:09:58 GMT
content-type: application/json
vary: Origin
x-amz-cf-pop: SIN2-P4

OPTIONS
H2 200 queue
st.fullcircleinsights.com/v1/visits/ Frame 0
0 484ms
484ms Preflight
application/json 108.156.133.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://st.fullcircleinsights.com/v1/visits/queue
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.133.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-133-27.sin2.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: js-version,origin-fci,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.menlosecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,origin-fci,js-version
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://www.menlosecurity.com
content-length: 1
content-type: application/json
date: Fri, 01 Nov 2024 03:09:58 GMT
via: 1.1 01348adbf285860dd21bc52b989abbe4.cloudfront.net (CloudFront)
x-amz-apigw-id: Ai_1CF1zvHcEfmQ=
x-amz-cf-id: IvNrt7FPq1Lr-7stvcdECe_paKqaRtTb03-piwyDSSvIwbcPi1F5EQ==
x-amz-cf-pop: SIN2-P4
x-amzn-requestid: 8d66ab07-dee5-4c00-b891-0376083e5c0f
x-cache: Miss from cloudfront

POST
H2 200 analyze Show response
r1.visualwebsiteoptimizer.com/ 0
143 B 1300ms
434ms XHR
application/javascript 35.245.208.72
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://r1.visualwebsiteoptimizer.com/analyze?_a=910208&_u=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-c1a7e9a804477f7549f85b3ccae89c43br.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.245.208.72 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 72.208.245.35.bc.googleusercontent.com
Software: r1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryReHNdsXfDO77vSAY
Referer: https://www.menlosecurity.com/

Response headers

access-control-allow-origin: *
content-encoding: gzip
date: Fri, 01 Nov 2024 03:09:59 GMT
content-type: application/javascript; charset=UTF-8
server: r1

GET
H2 200 83162 Show response
app.hushly.com/runtime/countries/ 75 KB
20 KB 215ms
215ms Script
text/javascript 35.83.31.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hushly.com/runtime/countries/83162?callback=hushlyCountriesCallback&_=1730430597476

Requested by

Host: app.hushly.com
URL: https://app.hushly.com/assets/widget-24484d4203334d7eab77aca1c755ba1e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.83.31.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-83-31-139.us-west-2.compute.amazonaws.com

Software

Resource Hash

68b4b6fc343811ef9268a786ba1a6d45532277051d2db7804896df2b58a9b429

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex
content-security-policy
cache-control: max-age=31536000, public
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
date: Fri, 01 Nov 2024 03:09:58 GMT
content-type: text/javascript
vary: Accept-Encoding

GET
H2 200 forms2.min.js Show response
info.menlosecurity.com/js/forms2/js/ Frame D1AE 199 KB
0 0ms
0ms Script
application/x-javascript 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://info.menlosecurity.com/js/forms2/js/forms2.min.js

Requested by

Host: info.menlosecurity.com
URL: https://info.menlosecurity.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f144e3bc13095ce7d1b638b1b2cc50b52cd12312cba1323706f6e71e8ded1e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://info.menlosecurity.com/index.php/form/XDFrame

Response headers

cache-control: public, max-age=14400
content-encoding: gzip
cf-cache-status: HIT
etag: "1e01657-31b91-625a9d5f9a052"
age: 5433
x-content-type-options: nosniff
cf-ray: 8db8b05e7a278527-HKG
expires: Fri, 01 Nov 2024 07:09:56 GMT
date: Fri, 01 Nov 2024 03:09:56 GMT
content-type: application/x-javascript
last-modified: Wed, 30 Oct 2024 04:07:09 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
705 B 35ms
13ms XHR
application/json 103.43.90.54
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

103.43.90.54 Singapore, Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

598.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 209.58.162.218; 209.58.162.218; 598.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.menlosecurity.com
an-x-request-uuid: cc421bd6-b022-4fc2-8dc1-ffc756933207
content-length: 11
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 01 Nov 2024 03:09:58 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

GET
H2 200 / Show response
c.6sc.co/ 7 B
197 B 10ms
5ms XHR
text/html 23.44.4.160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.44.4.160 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-44-4-160.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.menlosecurity.com
content-length: 7
date: Fri, 01 Nov 2024 03:09:58 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 23 B
320 B 198ms
38ms XHR
text/html 2600:1413:a000::1734:2843
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1413:a000::1734:2843 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 8a0a823f3c9dcbeb426cc3c88fca6fd0d935c1de42b85234c7f9286f4488c393

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2001:df1:800:a00a:12::2
expires: Fri, 01 Nov 2024 03:09:58 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1730430598686_389294143_805697798_20_917_41_42_219";dur=1
access-control-allow-origin: https://www.menlosecurity.com
content-length: 23
date: Fri, 01 Nov 2024 03:09:58 GMT
content-type: text/html
vary: Origin

GET
H2 200 core
js.driftt.com/ Frame D7F9 0
0 694ms
681ms Document
text/html 13.33.30.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=trrsm2wf4gwm&eId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=2d4ea392-bc5d-4fd9-8afb-19749a071cc3&sessionStarted=1730430598.575&campaignRefreshToken=defcd868-7aa1-435d-9f0e-8f882aa117ba&hideController=false&pageLoadStartTime=1730430595520&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1730430600000/trrsm2wf4gwm.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.30.84 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-30-84.sin2.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.menlosecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 01 Nov 2024 03:09:59 GMT
etag: W/"323cf43fb7dd4d8ce2fbf72604328721"
last-modified: Fri, 11 Oct 2024 18:46:52 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
via: 1.1 74e86ed0fa6d314b06f69aa24cdc2c36.cloudfront.net (CloudFront)
x-amz-cf-id: eyblEkAaOiiJ8RBKoI0_ngBm5WA9oioSQi3are2CMnfyrcllC8sz-Q==
x-amz-cf-pop: SIN2-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: KOzChVsUmRwQhfJPojbnFLzc1Y3kJgXL
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 21

GET
H2 200 chat
js.driftt.com/core/ Frame 83BA 0
0 247ms
235ms Document
text/html 13.33.30.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1730430595520

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1730430600000/trrsm2wf4gwm.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.30.84 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-30-84.sin2.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.menlosecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 01 Nov 2024 03:09:58 GMT
etag: W/"323cf43fb7dd4d8ce2fbf72604328721"
last-modified: Fri, 11 Oct 2024 18:46:52 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
via: 1.1 74e86ed0fa6d314b06f69aa24cdc2c36.cloudfront.net (CloudFront)
x-amz-cf-id: 58duCW4odzFjyDlNk2E-Pk61BYih94ecLXdBlAkubAwbvjgDqbLlZg==
x-amz-cf-pop: SIN2-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: KOzChVsUmRwQhfJPojbnFLzc1Y3kJgXL
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 23

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 122ms
58ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-version-id: PTl7rnF_EEhUwyN5J882FhdYw1E0brGf
etag: W/"b2877da906a3216c4f3fc4030b205e54"
age: 28187
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: JrBv6jwhNt0Czeiy_p_zY4YFjZWmKtyBjStKj_vcSgDNq5gg824QhA==
date: Fri, 01 Nov 2024 03:09:58 GMT
content-type: application/javascript
last-modified: Thu, 18 Jul 2024 08:13:46 GMT
vary: Accept-Encoding
via: 1.1 34e1f7719ddcee5eb0a04517a96cfe16.cloudfront.net (CloudFront)
cf-ray: 8db8b069bd7b1076-HKG
x-amz-cf-pop: HKG54-C1
server: cloudflare

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 8ms
5ms Script
text/javascript 2404:6800:4003:c1c::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1c::71 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

content-encoding: gzip
age: 4589
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 03:53:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 01:53:29 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 239ms
233ms Image
image/gif 23.44.4.160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=fbe725ef-81ab-40c4-81d6-a81402082636&session=6af98c57-b730-47d0-874d-e43376df331a&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0a66d5ca-5aa8-4c3a-8f6a-453decba94f6&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.4.160 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-4-160.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 03:09:58 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 03:09:58 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 240ms
235ms Image
image/gif 23.44.4.160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=fbe725ef-81ab-40c4-81d6-a81402082636&session=6af98c57-b730-47d0-874d-e43376df331a&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22978e5d07c2a3a90aa4884115fca62376%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22cdcc21c50eb45b5f1adbb9f4723fd8296ded280b%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%229d098b8d-9cde-40ee-beab-3b850059beba%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0a66d5ca-5aa8-4c3a-8f6a-453decba94f6&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.4.160 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-4-160.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 03:09:58 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 03:09:58 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H3 200 settings.js Show response
dev.visualwebsiteoptimizer.com/dcdn/ 40 KB
8 KB 83ms
83ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/dcdn/settings.js?a=910208&settings_type=4&ts=1730282085&dt=desktop&cc=SG
Requested by: Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gsng1 /
Resource Hash: 1f93c66bc541279e634fe10ec00ba3e98ca3158851b053ede72dd06392b0c44e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cdn_cache_status: miss
cache-control: public, max-age=1800, s-maxage=1800
content-encoding: gzip
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 03:09:58 GMT
content-type: application/javascript; charset=UTF-8
server: gsng1

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
306 B 8ms
7ms XHR
text/plain 2404:6800:4003:c1c::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1218272732&t=pageview&_s=1&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&ul=en-sg&de=UTF-8&dt=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=200328035&gjid=1560217150&cid=1219144783.1730430596&tid=UA-41161362-2&_gid=2029959372.1730430599&_r=1&_slc=1&gtm=45He4au0n81WL64MFJv830118234za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1160647989

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c1c::71 Singapore, Singapore, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.menlosecurity.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 03:09:58 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.menlosecurity.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 146 B
551 B 199ms
199ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 861a653ae464eb8485a2a5ae4e3831692ab82fec4b43c419aa902f4be30fce0a

Request headers

Authorization: Bearer 2b223f4b411669347307
Referer: https://www.menlosecurity.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
visited_url: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"92-tO6p1Fl6VXhWnLhzp6rPPcr8/NI"
apigw-requestid: Ai_1KhLnPHcESGg=
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: VyqOotRCj6d4AHP7B9I-V4JMiV47CHsNxPF-8TX2fP8WpQDt8IUU6w==
date: Fri, 01 Nov 2024 03:09:59 GMT
content-type: application/json; charset=utf-8
vary: Origin
via: 1.1 d45e7d7d8103c27c11136d671059c638.cloudfront.net (CloudFront)
cf-ray: 8db8b06ba988ddbe-HKG
access-control-allow-origin: https://www.menlosecurity.com
x-amz-cf-pop: HKG54-C1
x-powered-by: Express
server: cloudflare

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 250ms
206ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.menlosecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://www.menlosecurity.com
alt-svc: h3=":443"; ma=86400
apigw-requestid: Ai_1IhpxvHcESkQ=
cf-cache-status: DYNAMIC
cf-ray: 8db8b06a6dceddbe-HKG
date: Fri, 01 Nov 2024 03:09:58 GMT
server: cloudflare
vary: Origin
via: 1.1 34bd50b1d81b6dab6060e9282ae29c40.cloudfront.net (CloudFront)
x-amz-cf-id: wCK2Jar2wf9jrbOAJF9bzldKy1Z6Djd0QeFF4h7d1s5TEIIscbt9eg==
x-amz-cf-pop: HKG54-C1
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 details Show response
eps.6sc.co/v3/company/ 772 B
659 B 245ms
104ms XHR
application/json 75.2.108.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eps.6sc.co/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.108.141 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash: c228c4dcd76dd6ca475179e9774d28495ab7c18a2baa741ddfb8094fd4c8e6e0

Request headers

Authorization: Token cdcc21c50eb45b5f1adbb9f4723fd8296ded280b
X-6s-CustomID: WebTag 9d098b8d-9cde-40ee-beab-3b850059beba
Referer: https://www.menlosecurity.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-expose-headers: X-6si-Region
timing-allow-origin: https://6sense.com
content-encoding: gzip
x-6si-region
access-control-allow-credentials: true
access-control-allow-origin: https://www.menlosecurity.com
content-length: 396
date: Fri, 01 Nov 2024 03:09:59 GMT
content-type: application/json
vary: Origin, Accept-Encoding

OPTIONS
H2 200 details
eps.6sc.co/v3/company/ Frame 0
0 239ms
84ms Preflight 75.2.108.141
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eps.6sc.co/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.108.141 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afe865822f884bb48.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.menlosecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.menlosecurity.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
content-length: 0
date: Fri, 01 Nov 2024 03:09:58 GMT
timing-allow-origin: https://6sense.com
x-6si-region

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 257ms
256ms Image
image/gif 23.44.4.160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=fbe725ef-81ab-40c4-81d6-a81402082636&session=6af98c57-b730-47d0-874d-e43376df331a&event=ipv6&q=%7B%22address%22%3A%222001%3Adf1%3A800%3Aa00a%3A12%3A%3A2%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0a66d5ca-5aa8-4c3a-8f6a-453decba94f6&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2001%3Adf1%3A800%3Aa00a%3A12%3A%3A2&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.4.160 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-4-160.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 03:09:59 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 03:09:59 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H3 200 / Show response
ws.zoominfo.com/pixel/GQ57xOfAtqXGOqCfMFaF/ 3 KB
2 KB 376ms
326ms Fetch
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/GQ57xOfAtqXGOqCfMFaF/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

799492f02d53bf806ee7e7b5c848df433c8b72d921ea1b9ccbe89324789da9b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

_zitok: 8938841c3a640367142f1730430599
_vtok: MjA5LjU4LjE2Mi4yMTg=
visited-url: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Referer: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8db8b06f6c79045d-HKG
access-control-allow-origin: https://www.menlosecurity.com
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:59 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/GQ57xOfAtqXGOqCfMFaF/ Frame 0
0 340ms
275ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/GQ57xOfAtqXGOqCfMFaF/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.menlosecurity.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.menlosecurity.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8db8b06d6c8f84f4-HKG
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 01 Nov 2024 03:09:59 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H3 200 6536e67716d17e337c7f3e60_MenloSecurity_Favicon_32_32.png
cdn.prod.website-files.com/6536e5317bf92f62050c3585/ 746 B
1 KB 64ms
63ms Other
image/png 104.18.160.117
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6536e67716d17e337c7f3e60_MenloSecurity_Favicon_32_32.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95094178b1d066267bdca95f971db0499c7df799743c27412fa4064bce385070

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cf-cache-status: HIT
etag: "ac6cf83cc5ea7e9a33c4810bebf9ff90"
x-amz-version-id: wvEzMJDLf8TTPNwxnTd4hdnzk7CaV6Lt
age: 559
alt-svc: h3=":443"; ma=86400
date: Fri, 01 Nov 2024 03:09:59 GMT
content-type: image/png
last-modified: Mon, 23 Oct 2023 21:32:40 GMT
vary: Accept-Encoding
x-amz-id-2: hKnvzozlJbBNAbKU3+NXjctESPgx13tLyVndJnC+ZOic62MuArpND7EMBJiWfUPrOw4RU2Jy/0g=
cache-control: max-age=31536000, must-revalidate
x-amz-request-id: FJ5WS773XHAECXFY
cf-ray: 8db8b06e3f671066-HKG
accept-ranges: bytes
access-control-allow-origin: *
content-length: 746
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 234ms
234ms Image
image/gif 23.44.4.160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=fbe725ef-81ab-40c4-81d6-a81402082636&session=6af98c57-b730-47d0-874d-e43376df331a&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A09%3A59%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A09%3A56%20GMT%22%2C%22timeSpent%22%3A%222908%22%2C%22totalTimeSpent%22%3A%222908%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0a66d5ca-5aa8-4c3a-8f6a-453decba94f6&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2001%3Adf1%3A800%3Aa00a%3A12%3A%3A2&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.4.160 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-4-160.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 03:09:59 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 03:09:59 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET
BLOB 200
OK 886ba311-fc80-4d43-816d-2d02d4520a41 Show response
https://www.menlosecurity.com/ 3 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.menlosecurity.com/886ba311-fc80-4d43-816d-2d02d4520a41
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 799492f02d53bf806ee7e7b5c848df433c8b72d921ea1b9ccbe89324789da9b7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: text/javascript
Content-Length: 3029

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 239ms
237ms Image
image/gif 23.44.4.160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=fbe725ef-81ab-40c4-81d6-a81402082636&session=6af98c57-b730-47d0-874d-e43376df331a&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A10%3A00%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A09%3A59%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223909%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0a66d5ca-5aa8-4c3a-8f6a-453decba94f6&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2001%3Adf1%3A800%3Aa00a%3A12%3A%3A2&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.4.160 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-4-160.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 03:10:00 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 03:10:00 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 280ms
279ms Image
image/gif 23.44.4.160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=fbe725ef-81ab-40c4-81d6-a81402082636&session=6af98c57-b730-47d0-874d-e43376df331a&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A10%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A10%3A00%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224909%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0a66d5ca-5aa8-4c3a-8f6a-453decba94f6&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2001%3Adf1%3A800%3Aa00a%3A12%3A%3A2&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.4.160 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-4-160.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 03:10:01 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 03:10:01 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET img.gif
b.6sc.co/v1/beacon/ 0
0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 241ms
240ms Image
image/gif 23.44.4.160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=fbe725ef-81ab-40c4-81d6-a81402082636&session=6af98c57-b730-47d0-874d-e43376df331a&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A10%3A03%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A10%3A02%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%226910%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0a66d5ca-5aa8-4c3a-8f6a-453decba94f6&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2001%3Adf1%3A800%3Aa00a%3A12%3A%3A2&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.4.160 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-4-160.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 03:10:03 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 03:10:03 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 200 analyze Show response
r1.visualwebsiteoptimizer.com/ 0
142 B 224ms
222ms XHR
application/javascript 35.245.208.72
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://r1.visualwebsiteoptimizer.com/analyze?_a=910208&_u=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/cdn/analysis/4.0/opa-c1a7e9a804477f7549f85b3ccae89c43br.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.245.208.72 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 72.208.245.35.bc.googleusercontent.com
Software: r1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAmBbI1NnqfxUKSe0
Referer: https://www.menlosecurity.com/

Response headers

access-control-allow-origin: *
content-encoding: gzip
date: Fri, 01 Nov 2024 03:10:03 GMT
content-type: application/javascript; charset=UTF-8
server: r1

POST
H2 204 collect
analytics.google.com/g/ 0
0 7ms
5ms Fetch
text/plain 2404:6800:4003:c1c::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-C2G0PCSJKE&gtm=45je4au0v868642232z8830118234za200zb830118234&_p=1730430595547&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&cid=1219144783.1730430596&ecid=1636916591&ul=en-sg&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EA&_s=2&sid=1730430596&sct=1&seg=0&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&dt=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&en=company_details_6si&_et=3124&up.company_name_6si=(Non-company%20Visit)&up.company_country_6si=Singapore&up.company_is_6qa_6si=false&tfd=9270
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4003:c1c::71 Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.menlosecurity.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 01 Nov 2024 03:10:04 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 245ms
244ms Image
image/gif 23.44.4.160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=fbe725ef-81ab-40c4-81d6-a81402082636&session=6af98c57-b730-47d0-874d-e43376df331a&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A10%3A04%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A10%3A03%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%227911%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0a66d5ca-5aa8-4c3a-8f6a-453decba94f6&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2001%3Adf1%3A800%3Aa00a%3A12%3A%3A2&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.4.160 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-4-160.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.menlosecurity.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Fri, 01 Nov 2024 03:10:04 GMT
accept-ranges: bytes
content-length: 43
date: Fri, 01 Nov 2024 03:10:04 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.menlosecurity.com
URL: blob:https://www.menlosecurity.com/8d3d6c49-3822-4a47-a552-e11867235d28

Domain: www.menlosecurity.com
URL: blob:https://www.menlosecurity.com/9b979d69-e010-4e32-9874-45fda516ca4b

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=978e5d07c2a3a90aa4884115fca62376&svisitor=null&visitor=fbe725ef-81ab-40c4-81d6-a81402082636&session=6af98c57-b730-47d0-874d-e43376df331a&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A10%3A02%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2001%20Nov%202024%2003%3A10%3A01%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225910%22%7D&isIframe=false&m=%7B%22description%22%3A%22Menlo%20Security%E2%80%99s%20threat%20research%20team%20recently%20discovered%20a%20phishing%20link%20hosted%20in%20%E2%80%9CGoogle%20Drawings.%E2%80%9D%20Upon%20further%20investigation%2C%20we%20also%20identified%20these%20phis%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&pageViewId=0a66d5ca-5aa8-4c3a-8f6a-453decba94f6&an_uid=0&webTagId=9d098b8d-9cde-40ee-beab-3b850059beba&ipv6=2001%3Adf1%3A800%3Aa00a%3A12%3A%3A2&v=1.1.29

Verdicts & Comments Add Verdict or Comment

145 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.menlosecurity.com/	1970-01-21 09:27:32	Name: _vwo_uuid_v2 Value: D7095C0AF2BBE2FA6529BCCF636B8F01A\|3ea28b42b1437b15be5322d78da18daa
.menlosecurity.com/	1970-01-21 02:50:06	Name: _gcl_au Value: 1.1.530064321.1730430596
.menlosecurity.com/	1970-01-21 09:26:27	Name: _vwo_uuid Value: D7095C0AF2BBE2FA6529BCCF636B8F01A
.techtarget.com/	1970-01-21 00:40:32	Name: __cf_bm Value: 63EbElQbMmm4JoflFBaomLy2tpZlf6phrAOWUOcsrsk-1730430595-1.0.1.1-j3.GC_QDauHYORr_xdBZiGBldIForbgttPJTbN5QttkerUbu4Tn08b1TaXmmK9iab3UmexzTVyMO_iOI1o15uw
.doubleclick.net/	1970-01-21 10:16:30	Name: IDE Value: AHWqTUk-n2GZ9EXRJc69Wp7DKZu0KkJPKcDvdM_GS-GjF7M5eOg9Ovy-1dsEQPQG
.menlosecurity.com/	1970-01-21 03:04:30	Name: _vis_opt_s Value: 1%7C
.menlosecurity.com/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
.menlosecurity.com/	1970-01-21 10:16:30	Name: _mkto_trk Value: id:281-OWV-899&token:_mch-menlosecurity.com-1730430596153-67723
.prod.website-files.com/	1970-01-21 00:40:32	Name: __cf_bm Value: zLlbZfyj5idjw46dud2D4GPLWpEFkXxENuGky877md0-1730430596-1.0.1.1-41nalKwBpAn1mSgdZC0MXnIYf8YLeYrNo6dY4a7C3fTTVtEHuuTm9ZDpRfyq8QM9GIYbDO_gWxKSBwQcNefxQg
.menlosecurity.com/	1970-01-21 02:50:06	Name: _fbp Value: fb.1.1730430596339.979125584821195573
app.hushly.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: A5E0F037CFE398404C68524095CAE6AE
.hushly.com/	1970-01-21 10:16:30	Name: _hly_gvid Value: d9b9b359-939a-4cfb-b0e6-3d2446c4db0b
.linkedin.com/	1970-01-21 02:50:06	Name: li_sugr Value: 809dd05a-06b9-4488-aa47-2ba3f8443e54
.linkedin.com/	1970-01-21 09:26:06	Name: bcookie Value: "v=2&ee09dc81-3678-4e8f-81a8-116e7b3a8f09"
.linkedin.com/	1970-01-21 00:41:56	Name: lidc Value: "b=VGST03:s=V:r=V:a=V:p=V:g=3334:u=1:x=1:i=1730430596:t=1730516996:v=2:sig=AQHKxndxJpALlnmNvUYNbfY0nGJu3DV5"
.menlosecurity.com/	1969-12-31 23:59:59	Name: _fcdscst Value: MTczMDQzMDU5NjYyMg==
.linkedin.com/	1970-01-21 01:23:42	Name: UserMatchHistory Value: AQJxpZn_HYOZ_AAAAZLls3Xq05WZW_WI35IWqwjEM7hykWKvg2SZhw-Pfr7AZulreyggfl2XV74lEQ
.linkedin.com/	1970-01-21 01:23:42	Name: AnalyticsSyncHistory Value: AQLJw724nC0JagAAAZLls3XqCdqzyUK1veYq-sQpSaprkDNRpZZbfwB7awJ_W3xaTzlW9tq4v-_e_0bVESvA7Q
.t.co/	1970-01-21 10:16:30	Name: muc_ads Value: 5d0e5b5e-ec67-4e00-b355-4c91a1d09069
.t.co/	1970-01-21 00:40:32	Name: __cf_bm Value: cDlM.Xlj0pv1RkGdf6D9Y0bHNHf97rG7WcT9.iQR4mc-1730430596-1.0.1.1-ad887YXtwjUqdJyW9HNv5UW9e6cAGu.Y6ubGAND.GOwnMky8aHS8hqBUbsT2Z2n3yo9rHHhUrSKLijNQmyjOzA
.twitter.com/	1970-01-21 10:16:30	Name: personalization_id Value: "v1_DXcDjeO6/762gHNSOhK/2w=="
.info.menlosecurity.com/	1970-01-21 00:40:32	Name: __cf_bm Value: fEdJLkGP.FB1PcfZJvb0pr2WDprQIMGk1m8FFIcqRtY-1730430596-1.0.1.1-eqMMFxepiXWBQA82zvYe5IdXgbQgUvAvpLMFvpNxdEYudO3S3skcMu8l1e2ZDR23vx7h67_aAZdFqNmfZiQsqA
.www.linkedin.com/	1970-01-21 09:26:06	Name: bscookie Value: "v=1&2024110103095650bd4e38-53cb-4cb3-89e1-66f781313d2dAQG2S9b7luUR2HK7CjsxS9hRTkx_KTM7"
.menlosecurity.com/	1970-01-21 09:26:06	Name: _hjSessionUser_1854968 Value: eyJpZCI6IjNmOWEzNWY2LTRlZjUtNWNhZS04MjZjLWZkMzc2MDQ5MzM5YyIsImNyZWF0ZWQiOjE3MzA0MzA1OTcxMTUsImV4aXN0aW5nIjpmYWxzZX0=
.menlosecurity.com/	1970-01-21 00:40:32	Name: _hjSession_1854968 Value: eyJpZCI6IjAzZTFiNTAwLTc2ZGUtNDY5MC05ZjA3LTUzOWI2OTU3YjhmYSIsImMiOjE3MzA0MzA1OTcxMTYsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.menlosecurity.com/	1970-01-21 01:23:42	Name: _vwo_ds Value: 3%3Aa_1%2Ct_1%3A0%241730430594%3A17.09187722%3A%3A1_1%3A2_1%2C1_1%3A2
.menlosecurity.com/	1970-01-21 10:16:30	Name: _hly_vid Value: e590f7fb-a607-4ccf-b632-cbb800439be1
www.menlosecurity.com/	1969-12-31 23:59:59	Name: _hly_sid Value: 7e526eca-7c4e-4756-a9de-01ae88ea2d90
.menlosecurity.com/	1970-01-21 00:40:32	Name: _vwo_sn Value: 0%3A1%3Ar1.visualwebsiteoptimizer.com%3A1%3A1%3Areferrer%3D
.menlosecurity.com/	1970-01-21 10:16:30	Name: _fcdscv Value: eyJDdXN0b21lcklkIjoiMTg3ZDIxMDMtYmRjNS00ZTNmLWIwNzAtYjVjNmE0MDAwODQwIiwiVmlzaXRvciI6eyJFbWFpbCI6bnVsbCwiRXh0ZXJuYWxWaXNpdG9ySWQiOiIyODI2NTlmYy0zOGNlLTQzZGQtOWU5ZS0wYWY3MjEzMjc3OGMifSwiVmlzaXRzIjpbXSwiQWN0aXZpdGllcyI6W10sIkRpYWdub3N0aWNNZXNzYWdlIjpudWxsfQ==
app.hushly.com/	1970-01-21 00:50:35	Name: AWSALBCORS Value: ixyW7wvVe3+sE2YOM/WJY0Iq/5zT7yRfT4ZFvy0XDDjgZdYEFRmoKU0fhMrKDwMxUfAug9PpMczP4wX63WJwcShuXFVVCA44JhhbEVPnxCyy35m6r5u6A/Jg9Zjn
info.menlosecurity.com/	1969-12-31 23:59:59	Name: BIGipServersj21web-nginx-app_https Value: !nLrsa9ZDf+UksisRgS7A5F9dNDOAZM5comM8DceZFjMqzZyiMK90HYren6Fc+2PwlPdLaORwf0XxzbE=
www.menlosecurity.com/	1970-01-21 00:40:32	Name: drift_campaign_refresh Value: defcd868-7aa1-435d-9f0e-8f882aa117ba
.adnxs.com/	1970-01-21 10:16:30	Name: receive-cookie-deprecation Value: 1
www.menlosecurity.com/	1970-01-21 00:50:35	Name: _an_uid Value: 0
www.menlosecurity.com/	1970-01-21 10:16:30	Name: _gd_visitor Value: fbe725ef-81ab-40c4-81d6-a81402082636
www.menlosecurity.com/	1970-01-21 00:40:44	Name: _gd_session Value: 6af98c57-b730-47d0-874d-e43376df331a
.menlosecurity.com/	1970-01-21 10:16:30	Name: _ga Value: GA1.2.1219144783.1730430596
.menlosecurity.com/	1970-01-21 00:41:56	Name: _gid Value: GA1.2.2029959372.1730430599
.menlosecurity.com/	1970-01-21 00:40:30	Name: _gat_UA-41161362-2 Value: 1
.www.menlosecurity.com/	1970-01-21 09:26:06	Name: _zitok Value: 8938841c3a640367142f1730430599
.menlosecurity.com/	1970-01-21 10:16:30	Name: _ga_C2G0PCSJKE Value: GS1.1.1730430596.1.0.1730430599.57.0.1636916591
.zoominfo.com/	1970-01-21 00:40:32	Name: __cf_bm Value: ITRwQcy04C7AIx1twT96Hz2hexwuUn46LfyxqkPuSUA-1730430599-1.0.1.1-Op1FttTfiXdik5oFKkHT7by0ObjEUIeXT04qm4lv_aXLeE9vh2EONeFu_mX4eWnksSgM137r51TK_P3YnufJFg
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: ZvXpTbQCIiyEi4ttwitoahetMQ3OkF_ds.JHIIrdcQQ-1730430599871-0.0.1.1-604800000
www.menlosecurity.com/	1970-01-21 10:16:30	Name: drift_aid Value: d16b3e34-3be5-4d0f-bc7e-7f42faa6334f
www.menlosecurity.com/	1970-01-21 10:16:30	Name: driftt_aid Value: d16b3e34-3be5-4d0f-bc7e-7f42faa6334f

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

281-owv-899.mktoresp.com
analytics.google.com
analytics.twitter.com
app.hushly.com
b.6sc.co
c.6sc.co
cdn.prod.website-files.com
connect.facebook.net
d2i34c80a0ftze.cloudfront.net
d3e54v103j8qbb.cloudfront.net
dev.visualwebsiteoptimizer.com
eps.6sc.co
extend.vimeocdn.com
fonts.googleapis.com
googleads.g.doubleclick.net
hubfront.hushly.com
ibc-flow.techtarget.com
info.menlosecurity.com
ipv6.6sc.co
j.6sc.co
js.driftt.com
js.zi-scripts.com
munchkin.marketo.net
px.ads.linkedin.com
px4.ads.linkedin.com
r1.visualwebsiteoptimizer.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
st.fullcircleinsights.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
td.doubleclick.net
trk.techtarget.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.com.sg
www.googletagmanager.com
www.linkedin.com
www.menlosecurity.com
b.6sc.co
www.menlosecurity.com
103.43.90.54
104.16.117.43
104.17.71.206
104.18.160.117
104.18.37.212
104.244.42.131
108.156.133.27
108.156.133.37
108.157.254.81
13.107.42.14
13.33.30.84
13.33.30.93
13.35.212.110
151.101.2.109
151.101.20.157
172.217.194.157
172.66.0.227
192.28.147.68
23.15.110.65
23.44.4.160
2403:e800:e80b::2a63:8c8b
2404:6800:4003:c01::61
2404:6800:4003:c01::9b
2404:6800:4003:c02::9a
2404:6800:4003:c05::5f
2404:6800:4003:c1a::5e
2404:6800:4003:c1c::71
2600:1413:a000::1734:2843
2600:9000:21f8:b000:9:14eb:6280:93a1
2600:9000:223b:fc00:13:a3bc:6800:93a1
2606:4700::6812:1247
2606:4700::6812:a175
2620:1ec:21::14
2a03:2880:f348:1:face:b00c:0:25de
34.111.208.231
34.96.102.137
35.245.208.72
35.83.31.139
57.144.144.128
65.0.79.182
74.125.24.154
74.125.24.99
75.2.108.141
0300abc1d33b2b4a80e598714896a4f131aaa0c357302b5cc45415eaa84b0fac
0316b910e0a7b4b953bfe8cf73598737ecaf0950899b00bf3bbbbff1b1038d96
09b67475f266dbf552159ca9f6b44d9dc3ea04842b2bd6e8b09d74f6b21897d0
0b3ca8dc0102f3d1664c1d8fa1276218e9f1b13bd8f80eeeec87015f988f2527
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0fec3d0d8a30c60d17c2eb66ac1b97c30bdbbf2ff95c41c9c1b2353ae7a7e046
139681a94faa2bc84b1493a573777c22280c12f293b42c3f2d3940dab9467d9d
164a29e80b4330bd2ba7abebbedf41a2e0819fc02e7d8aace8498b274427a174
1ccb55e180b6008bb80e0d12668fd55ab1da436595b815ace9c20b41e8eb0bcf
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1f93c66bc541279e634fe10ec00ba3e98ca3158851b053ede72dd06392b0c44e
210e8c047dcf1b3737817afe8b156cbce1d84b9eb74f8c73479ee053128de901
24f95156ad08aa62d037edcb9140e7525436ae784cb8dbf827e4dd73c049a9c7
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
286df06f268fa067213350c826e4c21c62bc0ed7635d099875b11679adbd95b3
2a4274b3cc3e0f1c657d92cd91051243635cf08951925f7dabcf24ce7005b0d0
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f402adb6d872721d16ac6d180640bc134f0d3001f57c5a1b2fbf3ea5f18aaea
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
3b7b6e95be24a1a3898f651bec06bb95389d379b49b1f1b0f9a1f4f9fdfb12bc
3faeacebd26ec01d6f194b404ea22fc23af6cef08be5d4b345026feba2494717
4306729a57aea0a73818aca0a3e72917358f17a8dd6e5684d444712f856b0af5
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47566672ca066e450f97e2cde56cf0ca496b2c001f0d8b62673f60c2686cc748
4b2f97a83181796ad19a73f1b95d34632ab8db56d9f33f09cfff0ad799ef6bde
4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
50a5a86a3812bfd69af1231c3a870e4035e6c6dcf9687d46babda3a0f090db80
528e3cc972ef7f6c2812f86e137869f6ced78785f98900aed1278f1b5a726bd9
556b7123db68584c782aec092229f6f325e6b7d78cff2b694f6938059de585f0
55bffe59c98978287a621961a6c501ca960b23c26ee836266fc367917325b003
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
573a481f2f09d26d3f240670b5e8fe7c9660e34b8b436bf6b40edf291e9e410d
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
57d030752d740552eb7759a0dd8e487e96ca86b03c0aa53a7e2b1c213ae74f5f
5ace0d0833ab83ff18ea94e4a7745f919c458ae4eabc298218226df4275ccd4d
5f8ece9fc3c316bd78480ef2f48dc82b47f84a1a2a39ddd4a0fec27a720cae41
5fcfed8a8e5a83133a754733331d975d9dd6ce8c914b5254c38c0649b446648b
68b4b6fc343811ef9268a786ba1a6d45532277051d2db7804896df2b58a9b429
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44
6d041e5db3e386dbb35073702927111e65871075c34b65aa796e910b39463c6a
6ded09789782fad99733cac6a94fc617f55aae1605849fa40c2b21db8a5eec34
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
799492f02d53bf806ee7e7b5c848df433c8b72d921ea1b9ccbe89324789da9b7
7d174b4fd89816f5bbc83cc796feecab85ae373950f2eedaa4899e4929eeb3f6
7e427014365514b080f1644ab8f7e6bc3700c2f9bdc5ecf4b9d7f77efdd1a33e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
861a653ae464eb8485a2a5ae4e3831692ab82fec4b43c419aa902f4be30fce0a
889d25db4b8baec5af49f52ba44f9aabf5d3ed27620850a9fd1645746dd76668
8a0a823f3c9dcbeb426cc3c88fca6fd0d935c1de42b85234c7f9286f4488c393
8bcc65474edef8c21cf7cdb2cb4855f1726a3b6f341427d1ba60b4c3c174ce54
8e7948221210e0bff86b70de2a2e893e24e0d9c5a16a5db0aa47834b88bf1998
93d422c94e254e573a0d094a63c2a57c089c769bd92472e1d60c55c6e27d57aa
94f0f415642dee975be155c61e8686c471159542c2c79d588fb13d83e6eb3be7
95094178b1d066267bdca95f971db0499c7df799743c27412fa4064bce385070
99e4a85061136e99e052929ed0d85e36384fba5c34b773139a8f64339c609943
9b08fb35a5f56a160b5455b172cac37afa8a18da00e4e2884b3c19790d637ae2
9da14942229f055eb8acb3012a6e1fadcff12d6db2a9736e685a1113539468ba
a6b12e0c36072bb8882feece0c7d846b9a18b80ae3a2e3cf9c2572dbe785dd3b
a8331d520e307081359e060643052b00e5529d0062b5ce516c251f4da1b9fae2
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1b27d92de22d509ebd21de47d14975728928e881bd6c9d1695cc5d38f2942bd
b43508242f21a59b37bba45231dd25c6c861e079ef05607273c620337e217b9b
bb1bf908b6409ef06648805751d0ab2b5266bb25cd8649f42ebdb555dba577d1
c0d57eff0936a57e0c8d6bc93314585c734e5ade88d6de970e1e305ae5d87224
c228c4dcd76dd6ca475179e9774d28495ab7c18a2baa741ddfb8094fd4c8e6e0
ca681b2b9b415d35f4ceef886b26398a76b29856294f94751f910f44dc8e14e7
cce437faf73c67f2163692a58b9a23a154facef1d77fe1ae8ad189659b56a93a
ce1396c7561b874d91159e5e0fafa5b32f2ff0e30463d778f0dfa919ccb7da1f
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60
d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e15a6c28d823d04b27f738d1397d5a727d2e1a2a2ac288e512f6b203fa5cb04f
e356e6d4254b6a2c1fbee2fb6e66f1c7ab6de329c8f81b8f6bef7d897b3d56fa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407
e8a6fd9b02a5a263bec7bb83415f8f6e6f7a6f79d1934f7137005c1b5e055d70
e96abb18e70acf14065e3bacb0dbd6942579a85d3d69d9d7551bea9c627ca3a0
ec685a46105296fe46c8744da4a11cf8118ba6c11271941766f7a546df6aa7c7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1214dfeb93c377d705ff4e3fa4026b177b09bd78db8c58fec8bed76042b22cb
f144e3bc13095ce7d1b638b1b2cc50b52cd12312cba1323706f6e71e8ded1e2c
f4b4dddf4e41d212292c3714e189ade5e057ed311b0e7f79647eda8a788b1bca
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.menlosecurity.com Open in urlscan Pro 65.0.79.182 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

127 Requests

95 %HTTPS

33 %IPv6

29 Domains

44 Subdomains

44 IPs

6 Countries

3909 kBTransfer

9628 kBSize

46 Cookies

13 Outgoing links

Redirected requests

127 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.menlosecurity.com Open in urlscan Pro
65.0.79.182 Public Scan

Screenshot
Live screenshot

Full Image

127
Requests

95 %
HTTPS

33 %
IPv6

29
Domains

44
Subdomains

44
IPs

6
Countries

3909 kB
Transfer

9628 kB
Size

46
Cookies

127 HTTP transactions
0 data transactions