cofense.com Open in urlscan Pro
141.193.213.20 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Submission: On June 16 via api (June 16th 2023, 2:10:34 am UTC) from TR — Scanned from DE

Summary HTTP 154 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 36 IPs in 4 countries across 29 domains to perform 154 HTTP transactions. The main IP is 141.193.213.20, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is cofense.com. The Cisco Umbrella rank of the primary domain is 386313.
TLS certificate: Issued by R3 on May 5th 2023. Valid for: 3 months.

This is the only time cofense.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	141.193.213.20 141.193.213.20	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
78	2400:52e0:1e0... 2400:52e0:1e00::1075:1	200325 (BUNNYCDN) (BUNNYCDN)
6	2606:4700::68... 2606:4700::6812:1005	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:310... 2a02:26f0:3100::1735:28c8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
10	23.36.162.208 23.36.162.208	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:310... 2a02:26f0:3100::1735:28c0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.206.79.35 52.206.79.35	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	23.197.137.224 23.197.137.224	16625 (AKAMAI-AS) (AKAMAI-AS)
1	108.138.36.118 108.138.36.118	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:d9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	146.75.118.109 146.75.118.109	54113 (FASTLY) (FASTLY)
1	185.89.211.12 185.89.211.12	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2a02:26f0:710... 2a02:26f0:7100::210:172	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	34.200.97.200 34.200.97.200	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:400c:c1b::9b	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:237... 2600:9000:237d:1800:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
2	52.59.122.211 52.59.122.211	16509 (AMAZON-02) (AMAZON-02)
3	52.182.214.99 52.182.214.99	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	34.196.185.66 34.196.185.66	14618 (AMAZON-AES) (AMAZON-AES)
3	2606:4700::68... 2606:4700::6812:1105	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.188.42.15 35.188.42.15	15169 (GOOGLE) (GOOGLE)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	3.5.2.136 3.5.2.136	14618 (AMAZON-AES) (AMAZON-AES)
154	36

8 141.193.213.20 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

cofense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

78 2400:52e0:1e00::1075:1 (Germany)

ASN200325 (BUNNYCDN, SI)

ep67mn3zn7v.exactdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:1005 (United States)

ASN13335 (CLOUDFLARENET, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1735:28c8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.36.162.208 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-162-208.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1735:28c0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.206.79.35 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-79-35.compute-1.amazonaws.com

lltrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.197.137.224 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-137-224.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.36.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-118.muc50.r.cloudfront.net

static.oktopost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.118.109 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

extend.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.211.12 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:7100::210:172 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.200.97.200 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-97-200.compute-1.amazonaws.com

okt.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c1b::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:237d:1800:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

404-jhu-612.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.122.211 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-122-211.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.182.214.99 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

g.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.196.185.66 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-185-66.compute-1.amazonaws.com

app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:1105 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.188.42.15 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 15.42.188.35.bc.googleusercontent.com

sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.5.2.136 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: s3.us-east-1.amazonaws.com

qualified-production.s3.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
78	exactdn.com ep67mn3zn7v.exactdn.com	578 KB
12	6sc.co j.6sc.co — Cisco Umbrella Rank: 6484 c.6sc.co — Cisco Umbrella Rank: 9628 ipv6.6sc.co — Cisco Umbrella Rank: 6605 b.6sc.co — Cisco Umbrella Rank: 4269	15 KB
10	qualified.com js.qualified.com — Cisco Umbrella Rank: 25383 app.qualified.com — Cisco Umbrella Rank: 27663 assets.qualified.com — Cisco Umbrella Rank: 27940	1 MB
8	cofense.com cofense.com — Cisco Umbrella Rank: 386313	38 KB
7	amazonaws.com qualified-production.s3.us-east-1.amazonaws.com — Cisco Umbrella Rank: 41579	422 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1007 g.clarity.ms — Cisco Umbrella Rank: 35829 c.clarity.ms — Cisco Umbrella Rank: 1573	27 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 408 www.linkedin.com — Cisco Umbrella Rank: 563 px4.ads.linkedin.com — Cisco Umbrella Rank: 6542	5 KB
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2890 www.google.com — Cisco Umbrella Rank: 3	713 B
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 18708 ibc-flow.techtarget.com — Cisco Umbrella Rank: 21437	2 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 10859	578 B
2	google.de www.google.de — Cisco Umbrella Rank: 4835	515 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 124	402 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60	21 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 4000	7 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	193 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 246	741 B
1	sentry.io sentry.io — Cisco Umbrella Rank: 220	537 B
1	mktoresp.com 404-jhu-612.mktoresp.com	318 B
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1027	375 B
1	okt.to okt.to — Cisco Umbrella Rank: 35514	100 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 476	807 B
1	vimeocdn.com extend.vimeocdn.com — Cisco Umbrella Rank: 11265	6 KB
1	oktopost.com static.oktopost.com — Cisco Umbrella Rank: 45871	4 KB
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 5104	2 KB
1	lltrck.com lltrck.com — Cisco Umbrella Rank: 33485
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 960	5 KB
1	gstatic.com fonts.gstatic.com	38 KB
1	typekit.net p.typekit.net — Cisco Umbrella Rank: 783	172 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 80	1 KB
154	29

	Domain	Requested by
78	ep67mn3zn7v.exactdn.com	cofense.com ep67mn3zn7v.exactdn.com
8	assets.qualified.com	cofense.com app.qualified.com assets.qualified.com
8	cofense.com	ep67mn3zn7v.exactdn.com
7	qualified-production.s3.us-east-1.amazonaws.com	assets.qualified.com
7	b.6sc.co	cofense.com
3	g.clarity.ms	www.clarity.ms
3	px.ads.linkedin.com	3 redirects
2	c.clarity.ms	1 redirects
2	epsilon.6sense.com	j.6sc.co
2	ibc-flow.techtarget.com	trk.techtarget.com
2	www.google.de	cofense.com
2	region1.analytics.google.com	www.googletagmanager.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	ipv6.6sc.co	j.6sc.co
2	c.6sc.co	j.6sc.co
2	www.google-analytics.com	www.googletagmanager.com cofense.com
2	www.clarity.ms	cofense.com www.clarity.ms
2	munchkin.marketo.net	cofense.com munchkin.marketo.net
2	www.googletagmanager.com	cofense.com www.googletagmanager.com
1	c.bing.com	1 redirects
1	sentry.io	assets.qualified.com
1	app.qualified.com	js.qualified.com
1	404-jhu-612.mktoresp.com	munchkin.marketo.net
1	www.google.com	cofense.com
1	px4.ads.linkedin.com	cofense.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	okt.to	static.oktopost.com
1	secure.adnxs.com	j.6sc.co
1	extend.vimeocdn.com	www.googletagmanager.com
1	trk.techtarget.com	cofense.com
1	static.oktopost.com	cofense.com
1	ws.zoominfo.com	cofense.com
1	lltrck.com	cofense.com
1	snap.licdn.com	www.googletagmanager.com
1	j.6sc.co	cofense.com
1	fonts.gstatic.com	fonts.googleapis.com
1	p.typekit.net	ep67mn3zn7v.exactdn.com
1	js.qualified.com	cofense.com
1	fonts.googleapis.com	cofense.com
154	40

This site contains links to these domains. Also see Links.

Domain
cofense.zendesk.com
go.cofense.com
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
wpml.org

Subject Issuer	Validity	Valid
cofense.com R3	`2023-05-05` - `2023-08-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.exactdn.com R3	`2023-05-11` - `2023-08-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-11` - `2024-04-10`	a year	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
6sc.co R3	`2023-05-25` - `2023-08-23`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
lltrck.com Go Daddy Secure Certificate Authority - G2	`2022-07-25` - `2023-08-26`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
*.oktopost.com Amazon RSA 2048 M01	`2023-02-28` - `2023-10-27`	8 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-12-01` - `2023-12-01`	a year	crt.sh
*.vimeocdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q1	`2023-02-18` - `2024-03-21`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
okt.to R3	`2023-05-28` - `2023-08-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-05-30` - `2023-08-28`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
app.qualified.com R3	`2023-05-22` - `2023-08-20`	3 months	crt.sh
sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-06` - `2024-07-06`	a year	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2023-04-11` - `2023-12-20`	8 months	crt.sh

This page contains 2 frames:

Primary Page: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Frame ID: B203CD6391BBD39195E686D76010E1C6
Requests: 145 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=a3faa0df-32c6-4004-8810-6ce278a70c59
Frame ID: 14B064523AF3F9563D364EF5C82AD4D4
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Xneelo Users Targeted in a Multi-stage Phishing Attack | Cofense

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

154
Requests

98 %
HTTPS

54 %
IPv6

29
Domains

40
Subdomains

36
IPs

4
Countries

2448 kB
Transfer

5938 kB
Size

36
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://cofense.zendesk.com/auth/v2/login/signin
Title: Customer Resource Center

Search URL Search Domain Scan URL

URL: https://go.cofense.com/live-demo/
Title: Get a Demo

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Cofense/
Title: Facebook-f

Search URL Search Domain Scan URL

URL: https://twitter.com/cofense
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/11500065/
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCbvJmFk-Pwf85UbGI9-EGxw
Title: Youtube

Search URL Search Domain Scan URL

URL: https://wpml.org/
Title: wpml.org

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 125

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1686881428706&url=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1686881428706&url=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D300721%26time%3D1686881428706%26url%3Dhttps%253A%252F%252Fcofense.com%252Fblog%252Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1686881428706&url=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1686881428706&url=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQJQdG16HYZe_gAAAYjB9-gZCfnZq6NhCY4wwZ70DKnqMjOnbuPbDG6a71MueuIJ

Request Chain 148

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=89B333696C2C442A9B7E9AE06BF7EBCB&RedC=c.clarity.ms&MXFR=0812584E252366D32F2E4B7C21236828 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=89B333696C2C442A9B7E9AE06BF7EBCB&MUID=1AFACC173132656B1676DF2530B964FF

154 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/ 146 KB
27 KB 195ms
160ms Document
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / WP Engine
Resource Hash: 53a793812a7388894854da93c2aa8f961fb238289cd253657b465ebfe530d79f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=2419200, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7d7f843bde1b2ba3-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 16 Jun 2023 02:10:27 GMT
last-modified: Thu, 15 Jun 2023 12:12:35 GMT
link: <https://cofense.com/wp-json/>; rel="https://api.w.org/" <https://cofense.com/wp-json/wp/v2/posts/102963>; rel="alternate"; type="application/json" <https://cofense.com/?p=102963>; rel=shortlink
server: cloudflare
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 189
x-cache-group: normal
x-cacheable: YES:2419200.000
x-powered-by: WP Engine

GET
H2 200 css
fonts.googleapis.com/ 21 KB
1 KB 44ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Inter%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a021e5ef7022a556c759cca4e248f10383d65a1cd4df600dae57ea37ca481073

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 16 Jun 2023 01:01:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Jun 2023 02:10:28 GMT

GET
H2 200 classic-themes.min.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-includes/css/ 291 B
1 KB 39ms
6ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-includes/css/classic-themes.min.css?ver=1686862091

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:52:14 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1054
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 7973f7e6647196d170d98a1185870672
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-includes/css/classic-themes.min.css?ver=1686862091>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 styles.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/ 57 KB
9 KB 41ms
8ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/styles.css?ver=1686862091

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

2cc15bc3d3dda4e699624aae9727570dd1cb7cfa4535a074a453e1437e279d21

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1047
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 5c793be2d8516302fcbb3697effb2ee1
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/styles.css?ver=1686862091>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 style.min.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/ 906 B
1 KB 40ms
7ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1686862091

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

19fb8fd435c0bce0c7b49c24d128cce686d4a6bba0de63d34d5effa4e1f644f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1047
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 75f4e1b8e58ce15fe73da5e5e3786185
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1686862091>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 style.min.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/ 258 B
993 B 40ms
7ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1686862092

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

4b9257e3e9c959214ddfab833a69a021ae6557403efe76afcbee259621175274

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:52:14 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 865
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 3761dd4df00c065703b93e13ea2b0f10
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1686862092>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 style.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/themes/cofense/ 8 KB
4 KB 41ms
8ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/themes/cofense/style.css?ver=1686862092

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

c3dfc3f03106f85ab56ceaadf44433f35cca4209d64922d50a1c650c90aa60ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1082
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 91f4e3c0257411aaccf2a75cd04173a8
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/themes/cofense/style.css?ver=1686862092>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 elementor-icons.min.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
5 KB 41ms
9ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=1686862092

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

d0ee40eedb99bb4fa8be8aa6825dbc436d3b761c7a49c2e36199039a2557a3eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 756
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 866e0dd50ed1d6aae927454bc76521cc
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=1686862092>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 frontend-lite.min.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/css/ 82 KB
13 KB 48ms
16ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=1686862092

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

00112d544a1e94d514dbcfe83ac6c1082ef4348c2e176cce56b9edefbfe8a98d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 864
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 4f8fbc6630eb3d1f7bd2a6d970f9d1be
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=1686862092>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 swiper.min.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/swiper/css/ 13 KB
3 KB 48ms
15ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=1686862092

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 756
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 7df35c29a37e9cf8a294d889f71e033b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=1686862092>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-15.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 6 KB
2 KB 47ms
14ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-15.css?ver=1686861847

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

118c43ebad0cf8a8e4d18c0d73316937487c2fc00925652fe977d4dd11bec484

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:52:14 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 865
cdn-cachedat: 06/16/2023 01:02:05
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: ade1d0db611ea724a2ebd71779a66bf5
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-15.css?ver=1686861847>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 frontend-lite.min.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor-pro/assets/css/ 11 KB
3 KB 46ms
14ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=1686862092

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

f5df288275b5f604b05fec06b5b90ee3e2eee656a3157c65d099be04a941ad73

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1053
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: a0286e4fd6cc3c20ac2aa204796b8e11
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=1686862092>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-102963.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 141 B
892 B 61ms
28ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-102963.css?ver=1686861847

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

40866ec78876a63fea371c77acbb0cf7586aff4bd46a0fb5e801d5f442f62c42

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1080
cdn-cachedat: 06/16/2023 01:19:36
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 74047a8e5ac4e7a1ec81e092a96bc5fd
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-102963.css?ver=1686861847>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-93807.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 3 KB
1 KB 45ms
13ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-93807.css?ver=1686861847

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

f4221e726cd903ea62b23099982f627213f319bad4697da681b33ec82d613500

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1080
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: a75c7ce433a582c860dbc01bbb7fedba
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-93807.css?ver=1686861847>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-1266.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 18 KB
3 KB 45ms
13ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-1266.css?ver=1686861847

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

6844ea1d998d79155a0763c9946da7c064a293e776d2142c8e91fcacee8542e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1081
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 04ddd7e38537ed3f3e793ab33bcc37ca
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-1266.css?ver=1686861847>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-1271.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 15 KB
3 KB 46ms
14ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-1271.css?ver=1686861847

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

0a828dbd42b518c042d31e8c907ce91c852f06759f79a659341c8c4fa74492b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 865
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 6f2b98258aca5f8684f08d53a82be0a9
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-1271.css?ver=1686861847>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-1386.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 11 KB
3 KB 54ms
22ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-1386.css?ver=1686861856

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

c85d22b6f7b34795c2daf7b29430762f7ebb504d5897771ff757f2cf23bac895

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 723
cdn-cachedat: 06/16/2023 01:19:36
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 7d4725cafe0f685a3907bf8c6baf5b07
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-1386.css?ver=1686861856>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 widget-styles.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/ 439 KB
60 KB 51ms
19ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=1686862093

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

e47eb53a564c0ad6494d30bcc29fd05742db5874f11ad8d737fedd5f76b89f34

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:52:15 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1080
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 60a48ae63f1b59fdb70dc812df8d1624
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=1686862093>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 responsive.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/ 30 KB
5 KB 52ms
20ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=1686862093

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

73b2fdcf25aa909c7b0f072cf791066350ab834ca1d0d01ef096bb5583318213

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 755
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 25d920ce2fe23196a64a96c955051b85
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=1686862093>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 ecs-style.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/ele-custom-skin/assets/css/ 6 KB
2 KB 52ms
20ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/ele-custom-skin/assets/css/ecs-style.css?ver=1686862093

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

8cbc49b1385bf29debe95333f04795a6e3a2cf218d88b415b29872d06491fd1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 756
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 0ad380dbe9058337bcfd133820ffc1f0
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/ele-custom-skin/assets/css/ecs-style.css?ver=1686862093>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-1444.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 2 KB
1 KB 49ms
18ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-1444.css?ver=1678361574

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

0800c1bcae9fd7a9ab8bb0fc08bb60392cde06279906b58ba73a9d32c0ef0f8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 722
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 328b2ad382c44457897851601d94a81d
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-1444.css?ver=1678361574>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-1462.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 2 KB
1 KB 49ms
17ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-1462.css?ver=1671033592

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

880bd0c057b2118ce8870a412c9bbc9c744ecc1ffc2e0cec852f0822467a5468

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 21:02:25 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 722
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 40fddfe1fa4872c6f90954107ef14f0f
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-1462.css?ver=1671033592>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-86702.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 878 B
1 KB 48ms
17ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-86702.css?ver=1666612343

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

08d9e28e5a3cf2a632f0a595610c79ae90f8dc50f3dd17914f2e6ef324b100bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1054
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: c24c5b0e22a33957d04c3c4edd4c7c4d
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-86702.css?ver=1666612343>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-86773.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 2 KB
1 KB 48ms
16ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-86773.css?ver=1666885690

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

06c5b21ed6beb8535987a718d67db031fd8f9658a06e347946420fece8a2d845

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1053
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: db278bde2a5e50430984afdbacb4af90
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-86773.css?ver=1666885690>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-94275.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 1 KB
1 KB 53ms
22ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-94275.css?ver=1666870708

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

21a8d9de57277a54200a816f7c852e39febfb766f6fcecd3d7e8d4c90dd5f55f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 865
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 826ee58e8f2cf6f2546195f4bfe9797a
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-94275.css?ver=1666870708>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-96442.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 2 KB
1 KB 52ms
21ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-96442.css?ver=1680173529

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

5ec0edcab83d68a0bbdaaa014ca2eb993bf8bb3eb9eb5291be25e602a0d50e2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1080
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: ece2905e60e97572dffdadd3104b117d
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-96442.css?ver=1680173529>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-96443.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 2 KB
1 KB 53ms
22ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-96443.css?ver=1684235063

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

edf0c45100bd76408c47b7a27b7cc7a85d776b1baf46de9e33f5b90bff9d5ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 755
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 7026bc55cc2ce9ec1b93b9f92b746714
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-96443.css?ver=1684235063>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-96445.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 2 KB
1 KB 62ms
31ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-96445.css?ver=1675169689

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

6c64f1f61427b7aff7961cee93a0ee95c454274084a3a9e10aed8496929450d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 756
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 1ec4a2dd7ef902c1012f1e63fb1f0f78
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-96445.css?ver=1675169689>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 fontawesome.min.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 57 KB
14 KB 52ms
21ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=1686862093

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1047
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 81bfb2631c8f79182e5e73ccfd7b92f7
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=1686862093>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 solid.min.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 1 KB
1 KB 51ms
21ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=1686862093

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

ba034b0b907ed77dd3d266f6eca07839a0d25012641f0c4a259daeaa6a324607

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:52:15 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 863
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: e1e808488d457e4860fa66690fc8608f
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=1686862093>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 brands.min.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 1 KB
1 KB 52ms
21ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=1686862093

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

667a6ffd7d93f5b62649f4d7debde5d609ac1d1a7696cf0773365284d4ed6b83

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 874
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 63d4b5677921e9ca269dc97ba9be299c
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=1686862093>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ep67mn3zn7v.exactdn.com/wp-includes/js/jquery/ 88 KB
34 KB 56ms
25ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1078
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 1cc6d5185af617c61aad961793eb283f
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 jquery-migrate.min.js Show response
ep67mn3zn7v.exactdn.com/wp-includes/js/jquery/ 13 KB
6 KB 59ms
29ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 722
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: adfffd67100c1a6204b1dc4c28275fc3
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 language-cookie.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/ 183 B
967 B 55ms
25ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.6.3

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

c1b5e18239636e9eb0b3f7affcfc7e65a5122e67cb56c3711af6258545a93b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1077
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: b69dd93fb60dc5ce4148e929822a2da5
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.6.3>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 ecs_ajax_pagination.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/ele-custom-skin/assets/js/ 3 KB
2 KB 118ms
87ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/ele-custom-skin/assets/js/ecs_ajax_pagination.js?ver=3.1.7

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

2660d715c056a722efa81ed0e917bdad770738e5ac8fe1296cc71a16b053b2ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1082
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: db78659537069e3b18ac255108753911
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/ele-custom-skin/assets/js/ecs_ajax_pagination.js?ver=3.1.7>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 ecs.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/ele-custom-skin/assets/js/ 250 B
966 B 55ms
25ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/ele-custom-skin/assets/js/ecs.js?ver=3.1.7

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

cba788c91ad01b850dc3ff5689cf4234757080a656044ec8757dc51c229440ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1082
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 1cb966b841d6f9910c53b222abdc8f4a
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/ele-custom-skin/assets/js/ecs.js?ver=3.1.7>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 zlo5wor.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/ 816 B
1 KB 52ms
23ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/zlo5wor.css?ver=1686862094

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

3c1a5c4b5574a4104a92b2e700e6f0fc5b001c4297ebc5a1e76d67b1fbeb1c2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 756
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: a31edac4a6e3e9d0a8a6912fa51f4948
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/zlo5wor.css?ver=1686862094>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 qualified.js Show response
js.qualified.com/ 599 KB
147 KB 442ms
415ms Script
text/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97b233caa8e4cccd9127e23d21dd5c24cf5be67955711980a7e079d2b077b579

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: gzip
via: 1.1 spaces-router (devel)
strict-transport-security: max-age=63072000; includeSubDomains
cf-cache-status: MISS
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: 677d1403-2289-dc05-d482-d116281e1d47
pragma: no-cache
x-runtime: 0.017275
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"97b233caa8e4cccd9127e23d21dd5c24"
x-download-options: noopen
vary: Accept,Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 7d7f843de85ebbbc-FRA
expires: Fri, 16 Jun 2023 06:10:28 GMT

GET
H2 200 widget-nav-menu.min.css
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/css/ 26 KB
4 KB 52ms
22ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/css/widget-nav-menu.min.css

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

98207c61fcf676e67a06d6cf9484f341d09c5f23a0ca219529c40c85fae7c319

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 756
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 6873f13cb2322fe1901934d75673e6f1
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor-pro/assets/css/widget-nav-menu.min.css>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 widget-icon-list.min.css
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/css/ 10 KB
2 KB 49ms
23ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

4fc947cce559d7a19d74d9ceb6e1b7217782cb1a931657d6717efcdeef4c9f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 860
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: a8086ae414d7b0b0fb1bebe8858a1319
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 widget-theme-elements.min.css
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/css/ 10 KB
3 KB 56ms
31ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/css/widget-theme-elements.min.css

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

59b2119f2046aaad5900fe6014b9bb207f255441fd23c51b042f597e89cabee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 21:02:25 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 755
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:17 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 3f30204118d7e3ef5b9f17bc00450171
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor-pro/assets/css/widget-theme-elements.min.css>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 widget-share-buttons.min.css
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/css/ 30 KB
3 KB 98ms
73ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/css/widget-share-buttons.min.css

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

999d4cafd1970a72969614e2e533222620ecd840c1a8606a7d3509d403667960

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1078
cdn-cachedat: 06/16/2023 01:19:36
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 5d13615a4ba90a34550bf8437e0008ab
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor-pro/assets/css/widget-share-buttons.min.css>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 widget-posts.min.css
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/css/ 14 KB
3 KB 49ms
24ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/css/widget-posts.min.css

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

50f7e438bddecb1aad132731a0ea9a014007cdfcc9915a26ed46afb8e8c2a76c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1078
cdn-cachedat: 06/16/2023 01:19:36
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: ed9c1d36eb2373c4e33800026df884b5
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor-pro/assets/css/widget-posts.min.css>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-9276.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 4 KB
2 KB 50ms
25ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-9276.css?ver=1686861848

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

8f9de5ce0bd559fccdcf15f73bef8d60af03428ea4c33222985a6644d1351b35

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1049
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 75b6bb9327140def323f286e5c11952a
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-9276.css?ver=1686861848>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-9277.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 5 KB
2 KB 49ms
24ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-9277.css?ver=1686861848

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

80ae295e1e684f6903ca3b3896fb69550a5051c018482eae7d601f5a270c5f83

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1079
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 849edcfc6d09f92e47f4e7f579abf16b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-9277.css?ver=1686861848>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-9907.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 2 KB
1 KB 48ms
24ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-9907.css?ver=1686861848

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

b4d6f31b12061ce5f7eb43054704209c45634f84c8dcfd0666907f33fa527401

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:52:15 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1077
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 752247b22fe1cf02674f224bc1230a52
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-9907.css?ver=1686861848>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-94175.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 2 KB
1 KB 48ms
23ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-94175.css?ver=1686861848

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

f18d03ea1db25769e0297f023bbb4f700a35027e4b26c8ce2cea90dd91956cef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1082
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 91182ba5948eac773424eaadc4767e9f
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-94175.css?ver=1686861848>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-94173.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 2 KB
1 KB 48ms
23ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-94173.css?ver=1686861848

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

ff0ef2b4514a9a824e24181bd336b7b282a0ff614b16dcc9484470aa337c15a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1048
cdn-cachedat: 06/16/2023 01:02:05
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: f0c93f246513bcccede9599b569a56d1
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-94173.css?ver=1686861848>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 regular.min.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 1 KB
1 KB 49ms
24ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=1686862126

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

7ecfcb6364417265a3fe2b85356392477258f5c6c9814085501cba10537b92e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1047
cdn-cachedat: 06/16/2023 01:19:36
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 3bd543fed475eab0cb73d2da7b99b2de
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=1686862126>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 post-96724.css
ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/ 6 KB
2 KB 49ms
25ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-96724.css?ver=1686861848

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

a6dc3ba048207f5858574b196a46bbd908c150589d97855f074f567b3af8d43b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1081
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: bf4aaa22ea9edb5ef5d755aaed536b1b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/uploads/elementor/css/post-96724.css?ver=1686861848>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 animations.min.css
ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
4 KB 50ms
26ms Stylesheet
text/css 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=1686862094

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

a144b7eb90f5589866d0546b15df7c4473c9ff44b079490e449c0ad96bb82511

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 752
cdn-cachedat: 06/16/2023 01:02:04
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 4e9d014900656811f4aad922208aaec9
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=1686862094>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 lazysizes.min.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/ewww-image-optimizer/includes/ 14 KB
6 KB 50ms
26ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=702

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

c05a1108c176130e9dff2f6a5ebdb60be1c3e17b5a8f83de35b29f44fb109434

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1075
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 8e7be10b57932dae9ebd4c123472e70b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=702>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 navigation.js Show response
ep67mn3zn7v.exactdn.com/wp-content/themes/cofense/js/ 2 KB
1 KB 51ms
26ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/themes/cofense/js/navigation.js?ver=1.0.0

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

3c60f28ac63eb4fed3d219aba2496cb5da8b96a1db54a8d9b5c87ada17e42c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 756
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 87eaccb0d4028cdc417a16b363bf5e32
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/themes/cofense/js/navigation.js?ver=1.0.0>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 frontend-script.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/ 39 B
850 B 50ms
26ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=2.8.8

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

89b87d53f74bf77c35b63352937c490fa8e07f70eb549d9307ea8e945fc00bc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 21:02:25 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
x-content-type-options: nosniff
cdn-edgestorageid: 865
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
content-length: 39
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 6e14e38f0de2a5340e091fa0910b7cc8
link: <https://cofense.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=2.8.8>; rel="canonical"
cdn-requestcountrycode: DE
cdn-status: 200
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullsuccess: True

GET
H2 200 widget-scripts.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 134 KB
40 KB 53ms
29ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=2.8.8

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

f73a370f3d0a4f11a2388b9d5d876f979c921d2d5290460ee6b25b289e63ca8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 755
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 4ff64673904d9cb83241fc2974f36b2a
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=2.8.8>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 204 heartbeat.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/wp-rocket/assets/js/ 0
549 B 223ms
199ms Script
text/plain 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://ep67mn3zn7v.exactdn.com/wp-content/plugins/wp-rocket/assets/js/heartbeat.js?ver=3.13.4
Requested by: Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1075 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
cdn-edgestorageid: 1054
cdn-cachedat: 06/16/2023 02:10:28
cdn-pullzone: 788245
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 204
vary: Accept-Encoding
access-control-allow-origin: *
cdn-cache: MISS
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestid: c1e4e61136b579b6d7bfa17d10d7e829
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 204
cdn-requestpullsuccess: True

GET
H2 200 jquery.smartmenus.min.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/ 25 KB
9 KB 51ms
28ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

533e264cc615ee4601da8d2c1dee4a8987319e53d4d7162272f067fbbf250020

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1080
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: b8e8b0915ee7b5f6a2db47c4d759019c
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 imagesloaded.min.js Show response
ep67mn3zn7v.exactdn.com/wp-includes/js/ 5 KB
3 KB 53ms
29ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 865
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 2de2062666393a736845827c1133612a
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 webpack-pro.runtime.min.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
3 KB 51ms
27ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.13.2

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

afc24dfed8f3f2749e5cbe4a86053b55e5c063c23ea09ddf40544a0bfe03ae0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 21:02:25 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 860
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: efc44a97b2bebae2c7b8e3f4b4283467
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.13.2>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 webpack.runtime.min.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/js/ 5 KB
3 KB 51ms
28ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.13.4

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

5565d96a4b66a49049a7fca5dfc8d26ebe0336778006052124283abb0347be8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 722
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 7000fc90252f8df30e6d47743cb15bf1
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.13.4>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 frontend-modules.min.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/js/ 45 KB
16 KB 50ms
27ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.13.4

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

c478a21227c8c63ed9b7ecb07c06e3a99cb6e4a253aeed7687fe43d5b0aa13d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1054
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 05bc88fa5226fe23f7b8e28c74d0d923
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.13.4>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 wp-polyfill-inert.min.js Show response
ep67mn3zn7v.exactdn.com/wp-includes/js/dist/vendor/ 8 KB
3 KB 50ms
27ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 21:02:25 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 864
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 36c439b505d63375d5f431711ef47c6f
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 regenerator-runtime.min.js Show response
ep67mn3zn7v.exactdn.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 50ms
27ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1049
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 54e393400c2bc656c327e7a575ebfe5d
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 wp-polyfill.min.js Show response
ep67mn3zn7v.exactdn.com/wp-includes/js/dist/vendor/ 17 KB
8 KB 95ms
72ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 21:02:27 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1049
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 9c01efb44d9d42d74a3b23747b47edca
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 hooks.min.js Show response
ep67mn3zn7v.exactdn.com/wp-includes/js/dist/ 5 KB
3 KB 53ms
30ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 21:02:25 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 755
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: cf91c61a454d5b3519e47683bf0e17be
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 i18n.min.js Show response
ep67mn3zn7v.exactdn.com/wp-includes/js/dist/ 10 KB
5 KB 52ms
30ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1048
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 550b8bd336244b8223564dac180bf869
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 frontend.min.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
8 KB 52ms
29ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.13.2

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

51f36864e3fb5b3479d50de93d44403cee100c743cb5c97a1da0b924ca671a86

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 864
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 5129eff274fcecece1976e10acd774ff
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.13.2>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 waypoints.min.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
4 KB 51ms
28ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1081
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 637eeabfb4e922ef04114d90cc0830ba
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 core.min.js Show response
ep67mn3zn7v.exactdn.com/wp-includes/js/jquery/ui/ 21 KB
8 KB 52ms
30ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1048
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: ff6a8639ae2c09429c2e9c5619dbdb01
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 frontend.min.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/js/ 40 KB
14 KB 50ms
27ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.13.4

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

3f5eb651e087476c3214a5fbb8b77346f7f0dff068c3d961c6070424746fb9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1053
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: a25e144af601d02cf42db7369b6082f8
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.13.4>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 elements-handlers.min.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/js/ 29 KB
8 KB 52ms
30ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.13.2

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

c77732d85f58d3043711126b16c097d4b56bb2a0da1a75d526633a6b34c10427

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1077
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 5815e0bc395622fa4d250bb1aadd37fa
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.13.2>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 animate-circle.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 809 B
1 KB 94ms
72ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/animate-circle.js?ver=2.8.8

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

38c0429f151c63509ad519a07d59304a62c2d72e3ae31ec9557bc7bd60c5e1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 21:02:25 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 865
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 24f3a08a45d3f203c77ff2632a2f05ae
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/animate-circle.js?ver=2.8.8>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 elementor.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 18 KB
6 KB 53ms
31ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/elementor.js?ver=2.8.8

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

cce09b94f024a9f454d77ef89ce7eaf3dc4e54efa358ad7bbbc0f24fed038b3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:16 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1054
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:16 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 38de1d5b4bb2ffa584fe0b53adf7bc2a
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/elementor.js?ver=2.8.8>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 jquery.sticky.min.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/lib/sticky/ 4 KB
2 KB 52ms
30ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.13.2

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 21:02:25 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1082
cdn-cachedat: 06/15/2023 22:44:58
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:07 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 34ef1251d0e2d5f306b966b034fbae8f
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.13.2>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 lazyload.min.js Show response
ep67mn3zn7v.exactdn.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/ 9 KB
4 KB 9ms
9ms Script
text/javascript 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:17 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 863
cdn-cachedat: 06/15/2023 22:44:59
cdn-pullzone: 788245
last-modified: Thu, 15 Jun 2023 20:51:17 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: f2fd660c72dec4772cc45c1706156a40
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
link: <https://cofense.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js>; rel="canonical"
cdn-requestpullsuccess: True

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 101ms
20ms Stylesheet
text/css 2a02:26f0:3100::1735:28c8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=zlo5wor&ht=tk&f=26014&a=103167865&app=typekit&e=css
Requested by: Host: ep67mn3zn7v.exactdn.com
URL: https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/zlo5wor.css?ver=1686862094
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100::1735:28c8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ep67mn3zn7v.exactdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
last-modified: Fri, 21 Apr 2023 14:15:25 GMT
server: nginx
etag: "64429a7d-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 315 KB
102 KB 63ms
34ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

83de9f5aeb882799230afceeb97d4b10b9fcd2cfbece333bc08330d1b8710627

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104448
x-xss-protection: 0
last-modified: Fri, 16 Jun 2023 00:25:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Jun 2023 02:10:28 GMT

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13ba7d85cedf2d5b14f9091119f9067689bdc33edde1d37a654787d416fbca34

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab33e15010c0647406c907d0673d78ed76bc86e99f0da829fbba15764ae5d64a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6ec9bc6ff2373cb7beaa4ee3aab0c309f2d3374acafd7aa72149eb576bdb8d8c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7026f577e81c8795ae1937bf94458013d76f57ae4d3050958d263b53ae649b3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 03c931693d2884fd1d821ee8da925b056afa4a385d0b27bcc561b9d360e2abb3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a2270e5251bfd3e667d9929bc42f80f0cf667f0c6c39e15f2f2b7cc7b2a326d3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 00680538d6e239e5e1b644d3b1242f64ca2473018142604d9a3c91b221038cd2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5be99a090bad0d26720d462cd38bd7c05ce834fe1d3f886f619903ece0bde331

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 448e504be98d9c8d01cf47235e76ca080bc20a7e62199b9591cd264f3a80520f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 39eeb47a5d22f99100deb70fc52831d17942755c4e48e1b41f69274c924f3128

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 NETWORKHEADERBG-1.png
ep67mn3zn7v.exactdn.com/wp-content/uploads/2022/06/ 40 KB
40 KB 9ms
9ms Image
image/webp 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/2022/06/NETWORKHEADERBG-1.png?strip=all&lossy=1&ssl=1

Requested by

Host: ep67mn3zn7v.exactdn.com
URL: https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-1386.css?ver=1686861856

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

2cb2dbcaef23560aab640aaa379e55b607c905a3f8f41b813679e5e503ecdf17

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-1386.css?ver=1686861856
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:18 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
x-content-type-options: nosniff
cdn-edgestorageid: 1081
cdn-cachedat: 06/16/2023 01:19:39
cdn-pullzone: 788245
content-length: 40664
last-modified: Thu, 15 Jun 2023 20:51:17 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 0233895011e51977948bbc99efa7a5c9
link: <https://cofense.com/wp-content/uploads/2022/06/NETWORKHEADERBG-1.png>; rel="canonical"
cdn-requestcountrycode: DE
cdn-status: 200
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullsuccess: True

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/ 37 KB
38 KB 36ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inter%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cofense.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 09 Jun 2023 15:40:37 GMT
x-content-type-options: nosniff
age: 556191
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37924
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 08 Jun 2024 15:40:37 GMT

GET
H2 404 Inter-Medium.ttf
ep67mn3zn7v.exactdn.com/wp-content/uploads/2022/05/ 0
0 369ms
350ms Font
text/html 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://ep67mn3zn7v.exactdn.com/wp-content/uploads/2022/05/Inter-Medium.ttf
Requested by: Host: ep67mn3zn7v.exactdn.com
URL: https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-15.css?ver=1686861847
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1075 /
Resource Hash

Request headers

Referer: https://ep67mn3zn7v.exactdn.com/wp-content/uploads/elementor/css/post-15.css?ver=1686861847
Origin: https://cofense.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
cdn-edgestorageid: 1078
cdn-cachedat: 06/16/2023 02:10:28
cdn-pullzone: 788245
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 404
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cdn-cache: MISS
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: no-cache
cdn-requestid: e84d59e7529e5e4123159c751d4d24a3
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 404
cdn-requestpullsuccess: True

GET
H2 200 fa-solid-900.woff2
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 76 KB
77 KB 31ms
13ms Font
font/woff2 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2

Requested by

Host: ep67mn3zn7v.exactdn.com
URL: https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=1686862093

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=1686862093
Origin: https://cofense.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:18 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
x-content-type-options: nosniff
cdn-edgestorageid: 1080
cdn-cachedat: 06/16/2023 00:35:30
cdn-pullzone: 788245
content-length: 78196
last-modified: Thu, 15 Jun 2023 20:51:18 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 2ec54fde1813fced80b9be0083592706
link: <https://cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2>; rel="canonical"
cdn-requestcountrycode: DE
cdn-status: 200
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullsuccess: True

GET
H2 200 fa-brands-400.woff2
ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 75 KB
76 KB 39ms
21ms Font
font/woff2 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2

Requested by

Host: ep67mn3zn7v.exactdn.com
URL: https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=1686862093

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ep67mn3zn7v.exactdn.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=1686862093
Origin: https://cofense.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:18 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
x-content-type-options: nosniff
cdn-edgestorageid: 1054
cdn-cachedat: 06/16/2023 00:35:30
cdn-pullzone: 788245
content-length: 76764
last-modified: Thu, 15 Jun 2023 20:51:18 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 12820c6bd98cc02cfc94717adde149b7
link: <https://cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2>; rel="canonical"
cdn-requestcountrycode: DE
cdn-status: 200
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullsuccess: True

GET
H2 200 6si.min.js Show response
j.6sc.co/ 35 KB
11 KB 46ms
8ms Script
application/javascript 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 May 2023 00:27:16 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64641f64-8a3f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 11052
expires: Fri, 16 Jun 2023 02:10:28 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 79ms
25ms Script
application/x-javascript 2a02:26f0:3100::1735:28c0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:28c0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=15995
accept-ranges: bytes
x-datastream-cache-status: 1
content-length: 4777

GET
H2 403 lt-v3.js
lltrck.com/scripts/ 0
0 293ms
92ms Script
text/html 52.206.79.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lltrck.com/scripts/lt-v3.js?llid=19612
Requested by: Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.206.79.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-206-79-35.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 2Uq3HoQoVZEHgHXXf288 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 214ms
190ms Script
text/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/2Uq3HoQoVZEHgHXXf288

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

080a32473ff3251bc3aacdc6c17674015e6a63fdf9e673ff25404241930ef9a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7d7f84400d899960-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
2 KB 31ms
8ms Script
application/x-javascript 23.197.137.224
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-137-224.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 16 Jun 2023 02:10:28 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H2 200 oktrk.js Show response
static.oktopost.com/ 9 KB
4 KB 63ms
18ms Script
application/javascript 108.138.36.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.oktopost.com/oktrk.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-118.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 00:17:03 GMT
content-encoding: gzip
via: 1.1 9f8416bf8a85d328bf3649469ef2a474.cloudfront.net (CloudFront)
last-modified: Mon, 27 Jan 2020 09:47:41 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 6806
etag: W/"57315c24d6fec75c4d46a8cc3fa6e0d5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: YFvXWjB0GiOfTpk9fZWwB7Y_uBOR-Ks22y9_G0GUYvD6ZIceWKlUvg==

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 66ms
38ms Script
text/javascript 2606:4700::6812:d9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 32589
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 7d7f844008839bec-FRA
expires: Fri, 16 Jun 2023 02:30:28 GMT

GET
H2 200 ed9ggbnvvo Show response
www.clarity.ms/tag/ 1 KB
2 KB 151ms
106ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/ed9ggbnvvo?ref=gtm2
Requested by: Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 6e1295510037052987bc341169ff78b1bee8a71b91ec3add8493e591746fd804

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: -1
date: Fri, 16 Jun 2023 02:10:28 GMT
x-azure-ref: 20230616T021028Z-tykk1fgrgt1f9bhywvmpna5hhw00000002r0000000001s9q
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 1213
request-context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
91 KB 25ms
25ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bfd1efc74ee004a038714e406cb4c87cbe267c51fd4492f940e108eebbe0e7c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93118
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 16 Jun 2023 02:10:28 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 16 Jun 2023 01:04:46 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 3942
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Fri, 16 Jun 2023 03:04:46 GMT

GET
H2 200 9017396.js Show response
extend.vimeocdn.com/ga/ 17 KB
6 KB 79ms
9ms Script
text/javascript 146.75.118.109
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://extend.vimeocdn.com/ga/9017396.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.118.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits: 40885
date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: gzip
via: 1.1 varnish
age: 20548032
x-cache: HIT
content-length: 5579
x-served-by: cache-fra-eddf8230066-FRA
last-modified: Thu, 20 Oct 2022 22:49:15 GMT
server: Apache
x-timer: S1686881429.561909,VS0,VE0
etag: "421e-5eb7f2274b0c0-gzip"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
x-vimeo-dc: ge
x-bapp-server: assets-769d499c7b-6rkpw
cache-control: max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Oct 2032 06:23:15 GMT

GET
H2 200 dialog.min.js Show response
cofense.com/wp-content/plugins/elementor/assets/lib/dialog/ 10 KB
4 KB 161ms
160ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
Requested by: Host: ep67mn3zn7v.exactdn.com
URL: https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.13.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9ba3d0c5d5408e00becd36ad394fa9ad9c0616741ebdd6dddc8e837db3605ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
etag: W/"64405228-29fd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7d7f844059572ba3-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 cofense.png
ep67mn3zn7v.exactdn.com/wp-content/uploads/2022/06/ 3 KB
4 KB 16ms
15ms Image
image/webp 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ep67mn3zn7v.exactdn.com/wp-content/uploads/2022/06/cofense.png?strip=all&lossy=1&ssl=1

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1075 /

Resource Hash

c45f781964e97c179059fb620032eddab4a86bf8af6cd3f7460b2fa839fedb10

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Fri, 14 Jun 2024 20:51:18 GMT
date: Fri, 16 Jun 2023 02:10:28 GMT
x-content-type-options: nosniff
cdn-edgestorageid: 860
cdn-cachedat: 06/16/2023 01:02:05
cdn-pullzone: 788245
content-length: 3568
last-modified: Thu, 15 Jun 2023 20:51:18 GMT
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 200
content-type: image/webp
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31536000
cdn-requestid: 14195aa188aa9efe12cb417dbc5a7eac
link: <https://cofense.com/wp-content/uploads/2022/06/cofense.png>; rel="canonical"
cdn-requestcountrycode: DE
cdn-status: 200
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullsuccess: True

GET
H2 404 Figure1-1.png.WM-1.png
ep67mn3zn7v.exactdn.com/wp-content/uploads/2023/06/ 31 B
31 B 257ms
257ms Image
text/html 2400:52e0:1e00::1075:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ep67mn3zn7v.exactdn.com/wp-content/uploads/2023/06/Figure1-1.png.WM-1.png?strip=all&lossy=1&resize=1024%2C1721&ssl=1
Requested by: Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1075:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1075 /
Resource Hash: 8908a8114adb7f7825bc1e2b634946bf87489f37c1c82bc2c38bb49b3dda98e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
cdn-edgestorageid: 1081
cdn-cachedat: 06/16/2023 02:10:28
cdn-pullzone: 788245
server: BunnyCDN-DE1-1075
cdn-proxyver: 1.03
cdn-requestpullcode: 404
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cdn-cache: MISS
cdn-uid: 282460b1-e21e-44b6-a162-b4892cda4727
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: no-cache
cdn-requestid: 889add957c856b39ada1abc96b85fc2c
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 404
cdn-requestpullsuccess: True

GET
H2 200 nav-menu.3347cc64f9b3d71f7f0c.bundle.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
2 KB 179ms
179ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.3347cc64f9b3d71f7f0c.bundle.min.js
Requested by: Host: ep67mn3zn7v.exactdn.com
URL: https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.13.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8ca05b79f50f584d7d9da9273bd20c241ec7eadf0c8592cd37cb3c1afbc7ed6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 23 May 2023 20:21:21 GMT
server: cloudflare
etag: W/"646d2041-1231"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7d7f844069622ba3-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
cofense.com/wp-content/plugins/elementor/assets/js/ 1 KB
898 B 22ms
21ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
Requested by: Host: ep67mn3zn7v.exactdn.com
URL: https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.13.4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7dd40c1df9167d9d73fb014f4d1b4317e9455e08deb5738e7914e579e7662c78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 30 May 2023 20:35:21 GMT
server: cloudflare
age: 14286
etag: W/"64765e09-550"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7d7f8440babcbb9d-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 share-buttons.0bdd88c45462dfb2b073.bundle.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/js/ 1 KB
786 B 181ms
180ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/share-buttons.0bdd88c45462dfb2b073.bundle.min.js
Requested by: Host: ep67mn3zn7v.exactdn.com
URL: https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.13.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 198905bddb47215ef14ccde8955cacd96f6b9170681ded0d57305601642da798

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 23 May 2023 20:21:22 GMT
server: cloudflare
etag: W/"646d2042-4bd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7d7f8440dacfbb9d-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 load-more.c9f6aac03af905f4e206.bundle.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
2 KB 161ms
160ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/load-more.c9f6aac03af905f4e206.bundle.min.js
Requested by: Host: ep67mn3zn7v.exactdn.com
URL: https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.13.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60c30c30b2994c53ef3cabd89167d58914408912f4e7ebefa163997f1603f8f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 23 May 2023 20:21:21 GMT
server: cloudflare
etag: W/"646d2041-15eb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7d7f8440dad2bb9d-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 posts.e33113a212454e383747.bundle.min.js Show response
cofense.com/wp-content/plugins/elementor-pro/assets/js/ 3 KB
1 KB 22ms
22ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/posts.e33113a212454e383747.bundle.min.js
Requested by: Host: ep67mn3zn7v.exactdn.com
URL: https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.13.2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f02bfc3bc0b8301eb6099b0af18bf0a90a11a50891564a4a6f3697625b3167e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 23 May 2023 20:21:22 GMT
server: cloudflare
age: 6037
etag: W/"646d2042-cfd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7d7f8440dad4bb9d-FRA
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
6 KB 13ms
13ms Script
application/x-javascript 23.197.137.224
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.137.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-137-224.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 16 Jun 2023 02:10:28 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Sun, 24 Sep 2023 02:10:28 GMT

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
807 B 48ms
13ms XHR
application/json 185.89.211.12
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Jun 2023 02:10:28 GMT
AN-X-Request-Uuid: 183105c9-90ec-4c65-8dbc-fcbc8fe6b7a7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://cofense.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 81.95.5.38; 81.95.5.38; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
190 B 16ms
8ms XHR
text/html 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-162-208.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://cofense.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 14 B
289 B 38ms
8ms XHR
text/html 2a02:26f0:7100::210:172
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::210:172 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: def9a88d4a332592de159183fb036d27d6a7fe94bfd472b69bd694a35201e8d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Jun 2023 02:10:28 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://cofense.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:2b::3
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468578_34603374_822315308_22_682_7_0_-";dur=1
content-length: 14
expires: Fri, 16 Jun 2023 02:10:28 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
190 B 14ms
7ms XHR
text/html 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-162-208.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://cofense.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 14 B
289 B 36ms
7ms XHR
text/html 2a02:26f0:7100::210:172
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::210:172 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: def9a88d4a332592de159183fb036d27d6a7fe94bfd472b69bd694a35201e8d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Jun 2023 02:10:28 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://cofense.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:2b::3
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468578_34603374_822315309_22_673_7_0_-";dur=1
content-length: 14
expires: Fri, 16 Jun 2023 02:10:28 GMT

GET
H2 200 ping Show response
okt.to/ 0
100 B 309ms
104ms Script
text/javascript 34.200.97.200
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://okt.to/ping?uri=%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&aid=001shx33p56dsdg&ts=1686881428639

Requested by

Host: static.oktopost.com
URL: https://static.oktopost.com/oktrk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.200.97.200 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-200-97-200.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
strict-transport-security: max-age=31536000;
content-type: text/javascript;charset=UTF-8

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
346 B 60ms
20ms XHR
text/plain 2a00:1450:400c:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-114787942-1&cid=1401364592.1686881429&jid=1386531578&gjid=1798774474&_gid=2107270287.1686881429&_u=YGBAgUABAAAAAEAAI~&z=468118597

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 16 Jun 2023 02:10:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cofense.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
193 B 11ms
7ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j100&aip=1&a=1556921061&t=pageview&_s=1&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&ul=en-us&de=UTF-8&dt=Xneelo%20Users%20Targeted%20in%20a%20Multi-stage%20Phishing%20Attack%20%7C%20Cofense&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgUABAAAAAAAAI~&jid=1386531578&gjid=1798774474&cid=1401364592.1686881429&tid=UA-114787942-1&_gid=2107270287.1686881429&gtm=45He36e0n815RQ37KH&z=142713682

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 23:25:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 9919
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
251 B 38ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3G76T4W3LR&gtm=45je36e0&_p=1556921061&_gaz=1&cid=1401364592.1686881429&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1686881428&sct=1&seg=0&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&dt=Xneelo%20Users%20Targeted%20in%20a%20Multi-stage%20Phishing%20Attack%20%7C%20Cofense&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Jun 2023 02:10:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cofense.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 20ms
19ms Ping
text/plain 2a00:1450:400c:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3G76T4W3LR&cid=1401364592.1686881429&gtm=45je36e0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c1b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Jun 2023 02:10:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cofense.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 45ms
21ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3G76T4W3LR&cid=1401364592.1686881429&gtm=45je36e0&aip=1&z=1324422672

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Jun 2023 02:10:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
467 B 118ms
117ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17654763&r=1686881428702&ref=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 17654763
Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
via: 1.1 google
x-guploader-uploadid: ADPycduh5_oVIY0XniXVKMBtDLmJmPSBb6kyGoyCVG0GzFRUG4BK6iqHeV3KCOPfvZ73xqAJzUo2A-sliHHm22C5ZQOLww
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Fri, 16 Jun 2023 03:10:28 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 143ms
111ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17654763&r=1686881428702&ref=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://cofense.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 16 Jun 2023 02:10:28 GMT
expires: Fri, 16 Jun 2023 02:10:28 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdtl3JDEI-TfQPxcqMDHLOCjFGHXsZUH7pkIbrS6r-nCgekDIVBAn59aZLmrBOHOM8yZx-F4afNR3yNsK70_lQd0nQ

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/300721/domain/cofense.com/ 36 B
375 B 69ms
19ms XHR
application/json 2600:9000:237d:1800:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/300721/domain/cofense.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:237d:1800:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 01:19:42 GMT
content-encoding: gzip
via: 1.1 75964e4626dd702b8dac2690031df25a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 3046
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: 3khI6s4TnclHVnJUcxds9a58wK08rClDDzQ1Y03P-GB1Jog5DtE_DA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1686881428706&url=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1686881428706&url=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&tm=gtmv2&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D300721%26time%3D1686881428706%26url%3Dhttps%253A%252F%252Fcofense.com%252Fblog%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1686881428706&url=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&tm=gtmv2&cookiesTest=tr...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1686881428706&url=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&tm=gtmv2&cookiesTest=t...

0
265 B

189ms
103ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1686881428706&url=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQJQdG16HYZe_gAAAYjB9-gZCfnZq6NhCY4wwZ70DKnqMjOnbuPbDG6a71MueuIJ
Requested by: Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:29 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 99C6B348A50049669A4D287983F77D12 Ref B: FRAEDGE1910 Ref C: 2023-06-16T02:10:29Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX+NbBlZkUjGPn0PI/NGg==

Redirect headers

date: Fri, 16 Jun 2023 02:10:28 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 2847BABAB86B403ABD758C7630B09F2F Ref B: DUS30EDGE0311 Ref C: 2023-06-16T02:10:29Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1686881428706&url=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQJQdG16HYZe_gAAAYjB9-gZCfnZq6NhCY4wwZ70DKnqMjOnbuPbDG6a71MueuIJ
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX+NbBihpacO3nIQ9+g0w==

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.8/ 57 KB
24 KB 21ms
16ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.8/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/ed9ggbnvvo?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 9987dcc652130026523219440b654a3e307d16f186019031ad60a28d6f73aa2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: br
last-modified: Mon, 12 Jun 2023 16:14:21 GMT
etag: W/"0x8DB6B6014B0AA22"
vary: Accept-Encoding
x-azure-ref: 20230616T021028Z-tykk1fgrgt1f9bhywvmpna5hhw00000002r0000000001sa5
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: fdd9dea1-401e-000a-4df5-9e8a6c000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 49ms
21ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-114787942-1&cid=1401364592.1686881429&jid=1386531578&_u=YGBAgUABAAAAAEAAI~&z=1690837543

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Jun 2023 02:10:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 24ms
20ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-114787942-1&cid=1401364592.1686881429&jid=1386531578&_u=YGBAgUABAAAAAEAAI~&z=1690837543

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Jun 2023 02:10:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 204ms
199ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=a36d7e8d-f6ec-48e7-8f45-cd5810ff5a32&session=368dbaae-ce15-4332-8618-b82390093e4e&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2016%20Jun%202023%2002%3A10%3A28%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2016%20Jun%202023%2002%3A10%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b253130e4accad98012a3abe3f4b4c7a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2016%20Jun%202023%2002%3A10%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2016%20Jun%202023%2002%3A10%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22a9e769d7d96a596f969b9dc5023033e21a69bf40%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2016%20Jun%202023%2002%3A10%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2016%20Jun%202023%2002%3A10%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2016%20Jun%202023%2002%3A10%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b253130e4accad98012a3abe3f4b4c7a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2016%20Jun%202023%2002%3A10%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2016%20Jun%202023%2002%3A10%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2016%20Jun%202023%2002%3A10%3A28%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Get%20the%20details%20of%20this%20multi-stage%20phishing%20attack%20targeting%20Xneelo%20customers%20and%20learn%20how%20to%20protect%20yourself%20against%20similar%20threats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Xneelo%20Users%20Targeted%20in%20a%20Multi-stage%20Phishing%20Attack%20%7C%20Cofense%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&pageViewId=e47c88e5-124e-40ac-8234-d2f308a8c16c&an_uid=0

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 193ms
192ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=a36d7e8d-f6ec-48e7-8f45-cd5810ff5a32&session=368dbaae-ce15-4332-8618-b82390093e4e&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A2b%3A%3A3%22%7D&isIframe=false&m=%7B%22description%22%3A%22Get%20the%20details%20of%20this%20multi-stage%20phishing%20attack%20targeting%20Xneelo%20customers%20and%20learn%20how%20to%20protect%20yourself%20against%20similar%20threats.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Xneelo%20Users%20Targeted%20in%20a%20Multi-stage%20Phishing%20Attack%20%7C%20Cofense%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&pageViewId=e47c88e5-124e-40ac-8234-d2f308a8c16c&an_uid=0

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 200
OK visitWebPage
404-jhu-612.mktoresp.com/webevents/ 2 B
318 B 598ms
116ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://404-jhu-612.mktoresp.com/webevents/visitWebPage?_mchNc=1686881428778&_mchCn=&_mchId=404-JHU-612&_mchTk=_mch-cofense.com-1686881428778-12667&_mchHo=cofense.com&_mchPo=&_mchRu=%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 16 Jun 2023 02:10:29 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: c1630b9a-fa21-455f-bd6b-10311d37263c

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 56ms
11ms Preflight 52.59.122.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.122.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-59-122-211.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://cofense.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://cofense.com
access-control-max-age: 1800
date: Fri, 16 Jun 2023 02:10:28 GMT
server: nginx

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 740 B
578 B 52ms
2ms XHR
application/json 52.59.122.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.122.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-59-122-211.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e7559ab7e4e088ec4c76a2777e7d98f4afd7032585a660c10e521dfa931d7273

Request headers

Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
Authorization: Token a9e769d7d96a596f969b9dc5023033e21a69bf40
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:28 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://cofense.com
access-control-allow-credentials: true
content-length: 396

GET
H3 200 share-link.min.js Show response
cofense.com/wp-content/plugins/elementor/assets/lib/share-link/ 3 KB
1 KB 448ms
436ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://cofense.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.13.4
Requested by: Host: ep67mn3zn7v.exactdn.com
URL: https://ep67mn3zn7v.exactdn.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.13.4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 138154c0deed3326477b9b4909175101070a5a3a95342291b53d8cc9879a5f47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:29 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 19 Apr 2023 20:42:16 GMT
server: cloudflare
etag: W/"64405228-a3c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7d7f84432c7ebb9d-FRA
alt-svc: h3=":443"; ma=86400

GET
BLOB 200
OK 470422b4-1663-4e64-b813-f8610efd6a22
https://cofense.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://cofense.com/470422b4-1663-4e64-b813-f8610efd6a22
Requested by: Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

POST
H/1.1 204
No Content collect Show response
g.clarity.ms/ 0
291 B 410ms
125ms XHR
text/plain 52.182.214.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://g.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.182.214.99 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cofense.com
Date: Fri, 16 Jun 2023 02:10:29 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:7f62cbe7-9d8b-4a41-a628-fbaa3aa5c695

POST
H/1.1 204
No Content collect Show response
g.clarity.ms/ 0
291 B 466ms
254ms XHR
text/plain 52.182.214.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://g.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.182.214.99 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cofense.com
Date: Fri, 16 Jun 2023 02:10:29 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:7f62cbe7-9d8b-4a41-a628-fbaa3aa5c695

GET
H/1.1 200
OK messenger Show response
app.qualified.com/w/1/H3wWDXLUxD4irieG/ Frame 14B0 6 KB
3 KB 397ms
118ms Document
text/html 34.196.185.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=a3faa0df-32c6-4004-8810-6ce278a70c59

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

34.196.185.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-196-185-66.compute-1.amazonaws.com

Software

Resource Hash

6845df28f29513ec75be0a4ded9a3b837d31204cd8a0a5e2ef26a7fe9053f71a

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cofense.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Content-Length: 1711
Content-Security-Policy
Content-Type: text/html; charset=utf-8
Date: Fri, 16 Jun 2023 02:10:29 GMT
Etag: W/"6845df28f29513ec75be0a4ded9a3b83"
Link: <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-84a66aeb.chunk.css>; rel=preload; as=style; nopush
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 spaces-router (devel)
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 73eed5de-baf4-4767-980f-600493d74242
X-Runtime: 0.022358
X-Xss-Protection: 1; mode=block

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 259ms
228ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:29 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 messenger-94e6eccc.chunk.css
assets.qualified.com/packs/css/vendors~widget/sandboxed/ Frame 14B0 35 KB
7 KB 26ms
17ms Stylesheet
text/css 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css
Requested by: Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:29 GMT
x-amz-version-id: CR7RLVOSvN8A59.U_Z8vAhDQbuXMYHqb
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Jan 2023 23:05:35 GMT
server: cloudflare
x-amz-request-id: 90FWQHM1YN0C4AZ0
age: 2320
etag: W/"a788ecf510f83ee517cbaf79306145dd"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 7d7f84489870bbbc-FRA
x-amz-id-2: rLqAcBUjCR5iItU2BmaSomv6EBclRN5fXi6l55J/N8krCig+rJdq2Kyy59scvA6+BkA5YO2cQj1KXQAiAsBZ5Q==
expires: Fri, 16 Jun 2023 06:10:29 GMT

GET
H2 200 messenger-84a66aeb.chunk.css
assets.qualified.com/packs/css/widget/sandboxed/ Frame 14B0 5 KB
1 KB 24ms
15ms Stylesheet
text/css 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/css/widget/sandboxed/messenger-84a66aeb.chunk.css
Requested by: Host: cofense.com
URL: https://cofense.com/blog/xneelo-users-targeted-in-a-multi-stage-phishing-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:29 GMT
x-amz-version-id: RuQi5GOo1hqbX6GFZui6YyPZ0XQ1C5E6
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 87WCQR418JZVSXNA
age: 699
x-amz-server-side-encryption: AES256
x-amz-id-2: iySJJL1mjeoq19kwudTNrL9KoNn+0HpEUspqVSrfJ3TtLUQvqZro1IgTbf/TVZSQMLn9j/zk3qk=
last-modified: Tue, 14 Mar 2023 23:12:27 GMT
server: cloudflare
etag: W/"22d5f23e695250d3c5a5b1e76a015c5e"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 7d7f84489871bbbc-FRA
expires: Fri, 16 Jun 2023 06:10:29 GMT

GET
H2 200 messenger~runtime-f388d7aeb532b2c76117.js Show response
assets.qualified.com/packs/js/widget/sandboxed/ Frame 14B0 2 KB
2 KB 15ms
14ms Script
application/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget/sandboxed/messenger~runtime-f388d7aeb532b2c76117.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=a3faa0df-32c6-4004-8810-6ce278a70c59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 803404a05c88a11fef303fe387fe99315b437ad7bfa0e54bdea0cdb46045da13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:29 GMT
x-amz-version-id: sxMvQ6ueIVL5rUtH1NUHE3_HvJiAr_hI
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: YNKN2JZRATPDW81C
age: 4794
x-amz-server-side-encryption: AES256
x-amz-id-2: d3AW2uIzTTHAssakuoHXIVPYkGPPSenA/P1UZ9FL8WGz0qY8WtJ5/Uv+U3IM1AwAesOmRzOgiTGsyUWHzou0FEX7PFkGsqhHImRF9T4Mqvs=
last-modified: Fri, 16 Jun 2023 00:48:52 GMT
server: cloudflare
etag: W/"c08e9215bb8d0fb3391477980e959073"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 7d7f84489873bbbc-FRA
expires: Fri, 16 Jun 2023 06:10:29 GMT

GET
H2 200 messenger-d0f79f48564dd7163469.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/ Frame 14B0 1 MB
344 KB 21ms
21ms Script
application/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-d0f79f48564dd7163469.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=a3faa0df-32c6-4004-8810-6ce278a70c59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f59a29fec29f623f2dbb2e96b3fd36aef041bbe8ea187832822d3de57ec493c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:29 GMT
x-amz-version-id: 00ziWlPAkvNHrW0KFrktXhSmg6f54yCq
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: D6EQVT49B39RWFXV
age: 7108
x-amz-server-side-encryption: AES256
x-amz-id-2: LXJ1JrAqCiwmft884/gjqvrDdZZJSMMdXJjzEbjJgFaymElBY0AIfan7s2Dzmh+s08iTGss07jM=
last-modified: Wed, 07 Jun 2023 19:33:57 GMT
server: cloudflare
etag: W/"2e46f6fc75cea3f880477d19a714a367"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 7d7f84489872bbbc-FRA
expires: Fri, 16 Jun 2023 06:10:29 GMT

GET
H2 200 messenger-ff69f2dc6f3ee55be616.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame 14B0 604 KB
159 KB 15ms
15ms Script
application/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-ff69f2dc6f3ee55be616.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=a3faa0df-32c6-4004-8810-6ce278a70c59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72423590d80306eea128de0a639417fa126541e34ccc4fc2ee2db7c5faae23f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:29 GMT
x-amz-version-id: rCQjNnWSGYmZyF_CYul3d2swCwy7E6E1
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: YNKNPSYBFJ2NHH17
age: 4794
x-amz-server-side-encryption: AES256
x-amz-id-2: nh72o4ngn7wMJDND9p8jANNdT7CZ1A5AcfyWm0D9olq16He/HzIT5FRtE0apyOPQHuj0mhMX+GA=
last-modified: Fri, 16 Jun 2023 00:48:52 GMT
server: cloudflare
etag: W/"fcc0b69b5934cef1bfd50591c814b14b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 7d7f8448a886bbbc-FRA
expires: Fri, 16 Jun 2023 06:10:29 GMT

GET
H2 200 Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 14B0 97 KB
97 KB 163ms
15ms Font
font/woff2 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=a3faa0df-32c6-4004-8810-6ce278a70c59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

Referer: https://app.qualified.com/
Origin: https://app.qualified.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:30 GMT
x-amz-version-id: Ts0p7fbKsZIFu_VEk6HOvm9iYpTRKuos
cf-cache-status: HIT
x-amz-request-id: A014AXCH5HAYN619
age: 16331248
content-length: 98868
x-amz-id-2: IJ/hVgCs33ecZmS06+Ka+dHvpugbE2eU1ZCcp0I9amPp9Dk45jvq9GOwp+V0XScoH+qD8bPUljc=
last-modified: Thu, 08 Dec 2022 23:17:25 GMT
server: cloudflare
etag: "dc131113894217b5031000575d9de002"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=31557600
accept-ranges: bytes
cf-ray: 7d7f84497e890487-FRA
expires: Sat, 15 Jun 2024 08:10:30 GMT

GET
H2 200 Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 14B0 103 KB
104 KB 170ms
23ms Font
font/woff2 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=a3faa0df-32c6-4004-8810-6ce278a70c59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5

Request headers

Referer: https://app.qualified.com/
Origin: https://app.qualified.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:30 GMT
x-amz-version-id: ePBeoMCujYBxKBCWHO9COs36tHcpJSw9
cf-cache-status: HIT
x-amz-request-id: A01B2QDFTMXZH5PS
age: 16331248
content-length: 105804
x-amz-id-2: QrEATIdRG82StQ9vuCskL/XEsQIIMY+OzO15MGNTQIYZKmPGvaIhnxUF1uCukz9/QAqZn2UpPyU=
last-modified: Thu, 08 Dec 2022 23:17:25 GMT
server: cloudflare
etag: "007ad31a53f4ab3f58ee74f2308482ce"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=31557600
accept-ranges: bytes
cf-ray: 7d7f84497e8b0487-FRA
expires: Sat, 15 Jun 2024 08:10:30 GMT

POST
H/1.1 200
OK / Show response
sentry.io/api/1332833/envelope/ Frame 14B0 2 B
537 B 2633ms
2275ms Fetch
application/json 35.188.42.15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/1332833/envelope/?sentry_key=b5158ee3382d49b28a864fb2b91bcaaf&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.11.1

Requested by

Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-d0f79f48564dd7163469.chunk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

15.42.188.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.qualified.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 16 Jun 2023 02:10:30 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
Server: nginx
vary: origin,access-control-request-method,access-control-request-headers
x-frame-options: SAMEORIGIN
Content-Type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 1
Connection: keep-alive
Content-Length: 2
x-xss-protection: 1; mode=block

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=89B333696C2C442A9B7E9AE06BF7EBCB&RedC=c.clarity.ms&MXFR=0812584E252366D32F2E4B7C21236828
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=89B333696C2C442A9B7E9AE06BF7EBCB&MUID=1AFACC173132656B1676DF2530B964FF

42 B
442 B

27ms
27ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=89B333696C2C442A9B7E9AE06BF7EBCB&MUID=1AFACC173132656B1676DF2530B964FF
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Jun 2023 02:10:29 GMT
last-modified: Tue, 06 Jun 2023 17:31:23 GMT
server: Microsoft-IIS/10.0
etag: "dca6ffb69c98d91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 16 Jun 2023 02:10:29 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 03970BF87B994401B24DDE7F22B31D03 Ref B: FRA31EDGE0512 Ref C: 2023-06-16T02:10:30Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=89B333696C2C442A9B7E9AE06BF7EBCB&MUID=1AFACC173132656B1676DF2530B964FF
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 2238ms
2238ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:32 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H/1.1 204
No Content collect Show response
g.clarity.ms/ 0
291 B 1374ms
1374ms XHR
text/plain 52.182.214.99
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://g.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.8/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.182.214.99 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cofense.com
Date: Fri, 16 Jun 2023 02:10:32 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:7f62cbe7-9d8b-4a41-a628-fbaa3aa5c695

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 1253ms
1253ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:32 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 242ms
242ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:32 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK 976848be5d3705f67929c776e7c981f073674577458bffa4c5df2500b43cc5d1.png
qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame 14B0 7 KB
7 KB 338ms
133ms Image
image/png 3.5.2.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/976848be5d3705f67929c776e7c981f073674577458bffa4c5df2500b43cc5d1.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.2.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: s3.us-east-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 35f2fd2da69d4fb87275d7ce76117c573c18ab9c6dbbd08429712af6346c26a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 16 Jun 2023 02:10:33 GMT
Last-Modified: Thu, 20 Apr 2023 21:32:06 GMT
Server: AmazonS3
x-amz-request-id: MED95HYW276G78G4
ETag: "28067073f437880b9148c0ab27de6900"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 6908
x-amz-id-2: OgA5TNEFtNQIfJbwpiaGRKgqoFrn2GoZi8nmyMkOpaLwi3jtGwgSxZ62drjH3wf0ddUEnMWv9MgrrbY4gylJ7g==

GET
H2 200 Inter-roman.var-ba4caefcdf5b36b438db92786991c845.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 14B0 222 KB
222 KB 14ms
14ms Font
font/woff2 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-roman.var-ba4caefcdf5b36b438db92786991c845.woff2
Requested by: Host: assets.qualified.com
URL: https://assets.qualified.com/packs/css/widget/sandboxed/messenger-84a66aeb.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3

Request headers

Referer: https://assets.qualified.com/packs/css/widget/sandboxed/messenger-84a66aeb.chunk.css
Origin: https://app.qualified.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:33 GMT
x-amz-version-id: WWklHViP_Xquset3V0e38cj0ro4lj_BO
cf-cache-status: HIT
x-amz-request-id: Y97QS8N2TJ6ZS6BX
age: 8206903
x-amz-server-side-encryption: AES256
content-length: 227180
x-amz-id-2: zbaNIV03OAED3p+GCYieYK+y7cMsFyMlYDVyCal3HseSrwFUSNi7cQBQR03IylmtWJzkK+ZPLkQ=
last-modified: Sat, 11 Mar 2023 02:12:38 GMT
server: cloudflare
etag: "66c6e40883646a7ad993108b2ce2da32"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=31557600
accept-ranges: bytes
cf-ray: 7d7f845c8e320487-FRA
expires: Sat, 15 Jun 2024 08:10:33 GMT

GET
H/1.1 200
OK e4b8c4c0b0dba929a105af3f611aec4e2160af14b60ad03d392bd53145e7794a.png
qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame 14B0 75 KB
75 KB 206ms
206ms Image
image/png 3.5.2.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/e4b8c4c0b0dba929a105af3f611aec4e2160af14b60ad03d392bd53145e7794a.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.2.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: s3.us-east-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 31c0ccd638ccb322587cccfc9b0fead16c8f71c84117557d000982bd35d5abbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 16 Jun 2023 02:10:34 GMT
Last-Modified: Wed, 07 Jun 2023 13:51:03 GMT
Server: AmazonS3
x-amz-request-id: 66DT775Y3CECTHYJ
ETag: "a4df968280a5497dc5936b4e957313d0"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 76473
x-amz-id-2: /U/7qJhZO959qDe/PjAN19U24fkvBS+IGhdnbHY5EFqoNrwZWPcvtjF/6xEtKk6vbcxttLvrBHc+xj6wTVnCMQ==

GET
H/1.1 200
OK c48323b29cf159f6d3bca4d91f579245ad7a93ecd29a7ac9ca4592dde6fb7533.png
qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame 14B0 58 KB
58 KB 300ms
112ms Image
image/png 3.5.2.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/c48323b29cf159f6d3bca4d91f579245ad7a93ecd29a7ac9ca4592dde6fb7533.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.2.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: s3.us-east-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: ef93de8ca046e4a91a8febec6a6094f1f900ecea5dd2730cccc3bee5a09750eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 16 Jun 2023 02:10:34 GMT
Last-Modified: Mon, 05 Jun 2023 14:47:17 GMT
Server: AmazonS3
x-amz-request-id: 66DMDF56AR6F9AP4
ETag: "18f9f0c3cbbfc7e12e249a9ad25c31ae"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 59177
x-amz-id-2: alIvsaUJ7JRQ2ra/8RKlZUiUeXFccV9CatLk1r1OSG9F0FjOWNVZj361CvBWsedm50rItOnmfPwqoSAh8txEFA==

GET
H/1.1 200
OK 408ac15d369e4d1b039ab6e562e8edd2caa3136ef08e47f4c07a23892a14371d.png
qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame 14B0 74 KB
74 KB 300ms
110ms Image
image/png 3.5.2.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/408ac15d369e4d1b039ab6e562e8edd2caa3136ef08e47f4c07a23892a14371d.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.2.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: s3.us-east-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 54b223e455b87c62f46e4bb7586283d9f825ba2e607546769c4e06d5158f2653

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 16 Jun 2023 02:10:34 GMT
Last-Modified: Mon, 05 Jun 2023 14:47:17 GMT
Server: AmazonS3
x-amz-request-id: 66DG2RNZ76YYA1RH
ETag: "291916807dc490c866ea59a1a1cb2133"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 75477
x-amz-id-2: mu7HLYZjR8e0rM24U4x0KaSqezA7ldnj6e4lWyFXqXAo3uUCF1SU9nTTDYwf+myv0PrqAyBJkAsBWuwZN0u8hg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 206ms
206ms Image
image/gif 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cofense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 02:10:33 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 22ms
21ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3G76T4W3LR&gtm=45je36e0&_p=1556921061&cid=1401364592.1686881429&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1686881428&sct=1&seg=0&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F&dt=Xneelo%20Users%20Targeted%20in%20a%20Multi-stage%20Phishing%20Attack%20%7C%20Cofense&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cofense.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 16 Jun 2023 02:10:33 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cofense.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/e4b8c4c0b0dba929a105af3f611aec4e2160af14b60ad03d392bd53145e7794a.png
Requested by: Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-d0f79f48564dd7163469.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.2.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: s3.us-east-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 31c0ccd638ccb322587cccfc9b0fead16c8f71c84117557d000982bd35d5abbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 16 Jun 2023 02:10:35 GMT
Last-Modified: Wed, 07 Jun 2023 13:51:03 GMT
Server: AmazonS3
x-amz-request-id: ENW64KXZ84DMQGK5
ETag: "a4df968280a5497dc5936b4e957313d0"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 76473
x-amz-id-2: Ky6VABF5+RSwKwwxphZjizL1sSovg1tkM5TMiFhLlCA4EQwYODuTZG/YTb6si5g+3f/PLrqgC3iANiGAlQzWgw==

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/c48323b29cf159f6d3bca4d91f579245ad7a93ecd29a7ac9ca4592dde6fb7533.png
Requested by: Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-d0f79f48564dd7163469.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.2.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: s3.us-east-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: ef93de8ca046e4a91a8febec6a6094f1f900ecea5dd2730cccc3bee5a09750eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 16 Jun 2023 02:10:35 GMT
Last-Modified: Mon, 05 Jun 2023 14:47:17 GMT
Server: AmazonS3
x-amz-request-id: ENWCHK7V9R3WXJQ2
ETag: "18f9f0c3cbbfc7e12e249a9ad25c31ae"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 59177
x-amz-id-2: ZrZevh/rRa8ul8tc6SYxShybvacTlmk7VzmFKMpOrgjb27HtwsBkL9cx9HdvLY1peO6RwHFCkTl9/z9HF1fvLw==

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/408ac15d369e4d1b039ab6e562e8edd2caa3136ef08e47f4c07a23892a14371d.png
Requested by: Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-d0f79f48564dd7163469.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.2.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: s3.us-east-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 54b223e455b87c62f46e4bb7586283d9f825ba2e607546769c4e06d5158f2653

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Fri, 16 Jun 2023 02:10:35 GMT
Last-Modified: Mon, 05 Jun 2023 14:47:17 GMT
Server: AmazonS3
x-amz-request-id: ENW3AZ27KK9JRYHR
ETag: "291916807dc490c866ea59a1a1cb2133"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 75477
x-amz-id-2: 3D0IWENZDszk0c7mzBhavowkC6qMrdoGuzp3D8NcyitbflvVG0tAaD9+dGnB/WvC1jKMh/oYrNXn4a8C7XSxQg==

Verdicts & Comments Add Verdict or Comment

98 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

36 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cofense.com/	1970-01-20 14:44:17	Name: _gcl_au Value: 1.1.1562618008.1686881428
.cofense.com/	1970-01-20 22:10:41	Name: attr_first Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20provided)%22%2C%22content%22%3A%22(not%20set)%22%2C%22lp%22%3A%22cofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F%22%2C%22date%22%3A%222023-06-16%22%2C%22timestamp%22%3A1686881428454%7D
.cofense.com/	1970-01-20 12:34:43	Name: attr_last Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20provided)%22%2C%22content%22%3A%22(not%20set)%22%2C%22lp%22%3A%22cofense.com%2Fblog%2Fxneelo-users-targeted-in-a-multi-stage-phishing-attack%2F%22%2C%22date%22%3A%222023-06-16%22%2C%22timestamp%22%3A1686881428454%7D
cofense.com/	1969-12-31 23:59:59	Name: wp-wpml_current_language Value: en
.techtarget.com/	1970-01-20 12:34:43	Name: __cf_bm Value: 7.jfPhUSyIg9eT7eINgmuRB3zzIYOISN7TOf6vYI96c-1686881428-0-ATfNvQSP67SmF9ZRW1UjQEFIs/YVykwDOZOboSS48daTDlhz5TJL1Iii/NTmq8FULlTYi86gzug1WB13PHlPERo=
www.clarity.ms/	1970-01-20 21:20:17	Name: CLID Value: ff066558750e45bf9464c46f00280f62.20230616.20240615
.cofense.com/	1970-01-20 12:36:07	Name: _gid Value: GA1.2.2107270287.1686881429
.cofense.com/	1970-01-20 12:34:41	Name: _dc_gtm_UA-114787942-1 Value: 1
.ws.zoominfo.com/	1970-01-20 21:20:17	Name: visitorId Value: 8a088afc339935855123be2163a7e04d5eab181a1d7784ab78199bafee4a6b2e
.zoominfo.com/	1970-01-20 12:34:43	Name: __cf_bm Value: puxxORTUWpaeTXCEfrmDg47Iz4apn0FDSeDVv3w0HV4-1686881428-0-AV5yF7cVTj0wOVFgzERetlVLSjkkh8OT3wgQaWkLPSc8CGsxZUzUpf4MVZ55vtw3JJAom1yQjsOUSnvZFjmvmKI=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: giHxL6AeTZpvD8wiXmUAYEOJfCHBXhgWqzDNEruZoHg-1686881428663-0-604800000
.cofense.com/	1970-01-20 22:10:41	Name: _ga Value: GA1.1.1401364592.1686881429
cofense.com/	1970-01-20 12:44:46	Name: _an_uid Value: 0
cofense.com/	1970-01-20 22:10:41	Name: _gd_visitor Value: a36d7e8d-f6ec-48e7-8f45-cd5810ff5a32
cofense.com/	1970-01-20 12:34:55	Name: _gd_session Value: 368dbaae-ce15-4332-8618-b82390093e4e
.cofense.com/	1970-01-20 22:10:41	Name: _mkto_trk Value: id:404-JHU-612&token:_mch-cofense.com-1686881428778-12667
cofense.com/	1970-01-20 12:36:07	Name: ln_or Value: eyIzMDA3MjEiOiJkIn0%3D
.linkedin.com/	1970-01-20 14:44:17	Name: li_sugr Value: c70be8f7-39e8-4464-b31a-f67e3ec4f56b
.linkedin.com/	1970-01-20 21:20:17	Name: bcookie Value: "v=2&aa21ae8d-e915-4cae-81ad-e9c8628206ed"
.linkedin.com/	1970-01-20 12:36:07	Name: lidc Value: "b=VGST03:s=V:r=V:a=V:p=V:g=2901:u=1:x=1:i=1686881428:t=1686967828:v=2:sig=AQEQJD-8nbop-eLzfHstaGyQRonKixlz"
.cofense.com/	1970-01-20 21:20:17	Name: _clck Value: 17f7h7v\|2\|fci\|0\|1262
.6sc.co/	1970-01-20 22:10:41	Name: 6suuid Value: d0d5ce17320e270094c48b64be03000007743600
.cofense.com/	1970-01-20 22:10:41	Name: _ga_3G76T4W3LR Value: GS1.1.1686881428.1.0.1686881428.60.0.0
.linkedin.com/	1970-01-20 13:17:53	Name: UserMatchHistory Value: AQLrstDArcy7ZAAAAYjB9-cmRj0USApNNIzzGJUVRIV8N1jwa9B9JVEBMmJhgh9SycFsfEDQQjkw2g
.linkedin.com/	1970-01-20 13:17:53	Name: AnalyticsSyncHistory Value: AQJVrdB9KUBL4QAAAYjB9-cm3YRw1wFiWxZQpSiOSEmXM5kI4SK6eTsZKZDt2ypBOlVjQlHP1ZyVK2HvfFJ0fA
.cofense.com/	1970-01-20 12:36:07	Name: _clsk Value: rihc2g\|1686881429441\|1\|1\|g.clarity.ms/collect
.www.linkedin.com/	1970-01-20 21:20:17	Name: bscookie Value: "v=1&20230616021029f0da6eb9-e662-4dc1-8a86-946a606f78a0AQFhAzL3dIEMJw6gQ_fSat_gSZ1PRvZW"
.linkedin.com/	1970-01-20 16:53:53	Name: li_gc Value: MTswOzE2ODY4ODE0Mjk7MjswMjGMkEyXBRthTMfWZHWxlEHWJX9Uh1YVFhNWmxdSfgKurg==
.bing.com/	1970-01-20 21:56:17	Name: MUID Value: 1AFACC173132656B1676DF2530B964FF
.c.bing.com/	1970-01-20 12:44:46	Name: MR Value: 0
.c.bing.com/	1970-01-20 21:56:17	Name: SRM_B Value: 1AFACC173132656B1676DF2530B964FF
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 21:56:17	Name: MUID Value: 1AFACC173132656B1676DF2530B964FF
.c.clarity.ms/	1970-01-20 12:44:46	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 12:34:42	Name: ANONCHK Value: 0
.cofense.com/	1970-01-20 22:10:41	Name: __q_state_H3wWDXLUxD4irieG Value: eyJ1dWlkIjoiYTNmYWEwZGYtMzJjNi00MDA0LTg4MTAtNmNlMjc4YTcwYzU5IiwiY29va2llRG9tYWluIjoiY29mZW5zZS5jb20iLCJtZXNzZW5nZXJFeHBhbmRlZCI6ZmFsc2UsInByb21wdERpc21pc3NlZCI6ZmFsc2UsImNvbnZlcnNhdGlvbklkIjoiMTE2MDEyOTk5NTIyNzcyNjEyMiJ9

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://ep67mn3zn7v.exactdn.com/wp-content/uploads/2022/05/Inter-Medium.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://lltrck.com/scripts/lt-v3.js?llid=19612 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://ep67mn3zn7v.exactdn.com/wp-content/uploads/2023/06/Figure1-1.png.WM-1.png?strip=all&lossy=1&resize=1024%2C1721&ssl=1 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

404-jhu-612.mktoresp.com
app.qualified.com
assets.qualified.com
b.6sc.co
c.6sc.co
c.bing.com
c.clarity.ms
cdn.linkedin.oribi.io
cofense.com
ep67mn3zn7v.exactdn.com
epsilon.6sense.com
extend.vimeocdn.com
fonts.googleapis.com
fonts.gstatic.com
g.clarity.ms
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js.qualified.com
lltrck.com
munchkin.marketo.net
okt.to
p.typekit.net
px.ads.linkedin.com
px4.ads.linkedin.com
qualified-production.s3.us-east-1.amazonaws.com
region1.analytics.google.com
secure.adnxs.com
sentry.io
snap.licdn.com
static.oktopost.com
stats.g.doubleclick.net
trk.techtarget.com
ws.zoominfo.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
108.138.36.118
13.107.42.14
141.193.213.20
146.75.118.109
185.89.211.12
192.28.144.124
2001:4860:4802:34::36
23.197.137.224
23.36.162.208
2400:52e0:1e00::1075:1
2600:9000:237d:1800:2:53b2:240:93a1
2606:4700::6810:a852
2606:4700::6812:1005
2606:4700::6812:1105
2606:4700::6812:d9f
2620:1ec:21::14
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1450:4001:810::2003
2a00:1450:4001:827::200a
2a00:1450:4001:828::2004
2a00:1450:4001:828::200e
2a00:1450:4001:82a::2003
2a00:1450:4001:830::2008
2a00:1450:400c:c1b::9b
2a02:26f0:3100::1735:28c0
2a02:26f0:3100::1735:28c8
2a02:26f0:7100::210:172
3.5.2.136
34.111.208.231
34.196.185.66
34.200.97.200
35.188.42.15
52.182.214.99
52.206.79.35
52.59.122.211
68.219.88.97
00112d544a1e94d514dbcfe83ac6c1082ef4348c2e176cce56b9edefbfe8a98d
00680538d6e239e5e1b644d3b1242f64ca2473018142604d9a3c91b221038cd2
01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874
03c931693d2884fd1d821ee8da925b056afa4a385d0b27bcc561b9d360e2abb3
06c5b21ed6beb8535987a718d67db031fd8f9658a06e347946420fece8a2d845
0800c1bcae9fd7a9ab8bb0fc08bb60392cde06279906b58ba73a9d32c0ef0f8d
080a32473ff3251bc3aacdc6c17674015e6a63fdf9e673ff25404241930ef9a0
08d9e28e5a3cf2a632f0a595610c79ae90f8dc50f3dd17914f2e6ef324b100bf
09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84
0a828dbd42b518c042d31e8c907ce91c852f06759f79a659341c8c4fa74492b3
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0f02bfc3bc0b8301eb6099b0af18bf0a90a11a50891564a4a6f3697625b3167e
118c43ebad0cf8a8e4d18c0d73316937487c2fc00925652fe977d4dd11bec484
138154c0deed3326477b9b4909175101070a5a3a95342291b53d8cc9879a5f47
13ba7d85cedf2d5b14f9091119f9067689bdc33edde1d37a654787d416fbca34
152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5
17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3
198905bddb47215ef14ccde8955cacd96f6b9170681ded0d57305601642da798
19fb8fd435c0bce0c7b49c24d128cce686d4a6bba0de63d34d5effa4e1f644f4
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
21a8d9de57277a54200a816f7c852e39febfb766f6fcecd3d7e8d4c90dd5f55f
2660d715c056a722efa81ed0e917bdad770738e5ac8fe1296cc71a16b053b2ce
2cb2dbcaef23560aab640aaa379e55b607c905a3f8f41b813679e5e503ecdf17
2cc15bc3d3dda4e699624aae9727570dd1cb7cfa4535a074a453e1437e279d21
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
31c0ccd638ccb322587cccfc9b0fead16c8f71c84117557d000982bd35d5abbb
34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68
35f2fd2da69d4fb87275d7ce76117c573c18ab9c6dbbd08429712af6346c26a3
38c0429f151c63509ad519a07d59304a62c2d72e3ae31ec9557bc7bd60c5e1d4
39eeb47a5d22f99100deb70fc52831d17942755c4e48e1b41f69274c924f3128
3c1a5c4b5574a4104a92b2e700e6f0fc5b001c4297ebc5a1e76d67b1fbeb1c2d
3c60f28ac63eb4fed3d219aba2496cb5da8b96a1db54a8d9b5c87ada17e42c00
3f5eb651e087476c3214a5fbb8b77346f7f0dff068c3d961c6070424746fb9db
40866ec78876a63fea371c77acbb0cf7586aff4bd46a0fb5e801d5f442f62c42
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
448e504be98d9c8d01cf47235e76ca080bc20a7e62199b9591cd264f3a80520f
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7
4b9257e3e9c959214ddfab833a69a021ae6557403efe76afcbee259621175274
4fc947cce559d7a19d74d9ceb6e1b7217782cb1a931657d6717efcdeef4c9f42
50f7e438bddecb1aad132731a0ea9a014007cdfcc9915a26ed46afb8e8c2a76c
51f36864e3fb5b3479d50de93d44403cee100c743cb5c97a1da0b924ca671a86
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
533e264cc615ee4601da8d2c1dee4a8987319e53d4d7162272f067fbbf250020
53a793812a7388894854da93c2aa8f961fb238289cd253657b465ebfe530d79f
54b223e455b87c62f46e4bb7586283d9f825ba2e607546769c4e06d5158f2653
5565d96a4b66a49049a7fca5dfc8d26ebe0336778006052124283abb0347be8c
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
59b2119f2046aaad5900fe6014b9bb207f255441fd23c51b042f597e89cabee1
5be99a090bad0d26720d462cd38bd7c05ce834fe1d3f886f619903ece0bde331
5ec0edcab83d68a0bbdaaa014ca2eb993bf8bb3eb9eb5291be25e602a0d50e2b
60c30c30b2994c53ef3cabd89167d58914408912f4e7ebefa163997f1603f8f2
667a6ffd7d93f5b62649f4d7debde5d609ac1d1a7696cf0773365284d4ed6b83
6844ea1d998d79155a0763c9946da7c064a293e776d2142c8e91fcacee8542e9
6845df28f29513ec75be0a4ded9a3b837d31204cd8a0a5e2ef26a7fe9053f71a
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44
6c64f1f61427b7aff7961cee93a0ee95c454274084a3a9e10aed8496929450d5
6e1295510037052987bc341169ff78b1bee8a71b91ec3add8493e591746fd804
6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb
6ec9bc6ff2373cb7beaa4ee3aab0c309f2d3374acafd7aa72149eb576bdb8d8c
72423590d80306eea128de0a639417fa126541e34ccc4fc2ee2db7c5faae23f8
73b2fdcf25aa909c7b0f072cf791066350ab834ca1d0d01ef096bb5583318213
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7dd40c1df9167d9d73fb014f4d1b4317e9455e08deb5738e7914e579e7662c78
7ecfcb6364417265a3fe2b85356392477258f5c6c9814085501cba10537b92e5
803404a05c88a11fef303fe387fe99315b437ad7bfa0e54bdea0cdb46045da13
80ae295e1e684f6903ca3b3896fb69550a5051c018482eae7d601f5a270c5f83
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83de9f5aeb882799230afceeb97d4b10b9fcd2cfbece333bc08330d1b8710627
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
880bd0c057b2118ce8870a412c9bbc9c744ecc1ffc2e0cec852f0822467a5468
8908a8114adb7f7825bc1e2b634946bf87489f37c1c82bc2c38bb49b3dda98e2
89b87d53f74bf77c35b63352937c490fa8e07f70eb549d9307ea8e945fc00bc4
8cbc49b1385bf29debe95333f04795a6e3a2cf218d88b415b29872d06491fd1c
8f9de5ce0bd559fccdcf15f73bef8d60af03428ea4c33222985a6644d1351b35
97b233caa8e4cccd9127e23d21dd5c24cf5be67955711980a7e079d2b077b579
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
98207c61fcf676e67a06d6cf9484f341d09c5f23a0ca219529c40c85fae7c319
9987dcc652130026523219440b654a3e307d16f186019031ad60a28d6f73aa2a
999d4cafd1970a72969614e2e533222620ecd840c1a8606a7d3509d403667960
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134
a021e5ef7022a556c759cca4e248f10383d65a1cd4df600dae57ea37ca481073
a144b7eb90f5589866d0546b15df7c4473c9ff44b079490e449c0ad96bb82511
a2270e5251bfd3e667d9929bc42f80f0cf667f0c6c39e15f2f2b7cc7b2a326d3
a6dc3ba048207f5858574b196a46bbd908c150589d97855f074f567b3af8d43b
ab33e15010c0647406c907d0673d78ed76bc86e99f0da829fbba15764ae5d64a
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
afc24dfed8f3f2749e5cbe4a86053b55e5c063c23ea09ddf40544a0bfe03ae0c
b4d6f31b12061ce5f7eb43054704209c45634f84c8dcfd0666907f33fa527401
b7026f577e81c8795ae1937bf94458013d76f57ae4d3050958d263b53ae649b3
ba034b0b907ed77dd3d266f6eca07839a0d25012641f0c4a259daeaa6a324607
bfd1efc74ee004a038714e406cb4c87cbe267c51fd4492f940e108eebbe0e7c9
c05a1108c176130e9dff2f6a5ebdb60be1c3e17b5a8f83de35b29f44fb109434
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c1b5e18239636e9eb0b3f7affcfc7e65a5122e67cb56c3711af6258545a93b5a
c3dfc3f03106f85ab56ceaadf44433f35cca4209d64922d50a1c650c90aa60ad
c45f781964e97c179059fb620032eddab4a86bf8af6cd3f7460b2fa839fedb10
c478a21227c8c63ed9b7ecb07c06e3a99cb6e4a253aeed7687fe43d5b0aa13d6
c77732d85f58d3043711126b16c097d4b56bb2a0da1a75d526633a6b34c10427
c85d22b6f7b34795c2daf7b29430762f7ebb504d5897771ff757f2cf23bac895
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cba788c91ad01b850dc3ff5689cf4234757080a656044ec8757dc51c229440ab
cce09b94f024a9f454d77ef89ce7eaf3dc4e54efa358ad7bbbc0f24fed038b3b
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d0ee40eedb99bb4fa8be8aa6825dbc436d3b761c7a49c2e36199039a2557a3eb
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6
d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f
d8ca05b79f50f584d7d9da9273bd20c241ec7eadf0c8592cd37cb3c1afbc7ed6
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
def9a88d4a332592de159183fb036d27d6a7fe94bfd472b69bd694a35201e8d6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47eb53a564c0ad6494d30bcc29fd05742db5874f11ad8d737fedd5f76b89f34
e7559ab7e4e088ec4c76a2777e7d98f4afd7032585a660c10e521dfa931d7273
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e9ba3d0c5d5408e00becd36ad394fa9ad9c0616741ebdd6dddc8e837db3605ba
eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611
edf0c45100bd76408c47b7a27b7cc7a85d776b1baf46de9e33f5b90bff9d5ea2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef93de8ca046e4a91a8febec6a6094f1f900ecea5dd2730cccc3bee5a09750eb
f18d03ea1db25769e0297f023bbb4f700a35027e4b26c8ce2cea90dd91956cef
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
f4221e726cd903ea62b23099982f627213f319bad4697da681b33ec82d613500
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f59a29fec29f623f2dbb2e96b3fd36aef041bbe8ea187832822d3de57ec493c6
f5df288275b5f604b05fec06b5b90ee3e2eee656a3157c65d099be04a941ad73
f73a370f3d0a4f11a2388b9d5d876f979c921d2d5290460ee6b25b289e63ca8c
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff0ef2b4514a9a824e24181bd336b7b282a0ff614b16dcc9484470aa337c15a2
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

cofense.com Open in urlscan Pro 141.193.213.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

154 Requests

98 %HTTPS

54 %IPv6

29 Domains

40 Subdomains

36 IPs

4 Countries

2448 kBTransfer

5938 kBSize

36 Cookies

7 Outgoing links

Redirected requests

154 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cofense.com Open in urlscan Pro
141.193.213.20 Public Scan

Screenshot
Live screenshot

Full Image

154
Requests

98 %
HTTPS

54 %
IPv6

29
Domains

40
Subdomains

36
IPs

4
Countries

2448 kB
Transfer

5938 kB
Size

36
Cookies

154 HTTP transactions
10 data transactions