urlscan.io logo urlscan.io
SecurityTrails logo

www.reflectiz.com Open in urlscan Pro
88.218.118.12  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Submission: On May 22 via api from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 15 IPs in 6 countries across 15 domains to perform 60 HTTP transactions. The main IP is 88.218.118.12, located in Dronten, Netherlands and belongs to UPRESS-DRB, IL. The main domain is www.reflectiz.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 27th 2020. Valid for: 3 months.
This is the only time www.reflectiz.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

40    88.218.118.12 (Dronten, Netherlands)

ASN209622 (UPRESS-DRB, IL)
PTR: s-web01-uk.upress.io
www.reflectiz.com
2    2001:4de0:ac19::1:b:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)
maxcdn.bootstrapcdn.com
3    2a05:f500:10:101::b93f:9105 (Ireland)

ASN14413 (LINKEDIN, US)
dc.ads.linkedin.com
px.ads.linkedin.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.linkedin.com
5    2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:400c:c03::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    2a02:26f0:f1:29c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
snap.licdn.com
1    2606:4700::6811:d2cc (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-scripts.com
1    2600:9000:2047:6800:1f:f723:6fc0:93a1 (United States)

ASN16509 (AMAZON-02, US)
sc.lfeeder.com
1    2600:9000:21f3:800:1a:2af:6d00:93a1 (United States)

ASN16509 (AMAZON-02, US)
tr.lfeeder.com
1    2606:4700::6812:15bf (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-banner.com
1    2606:4700::6811:efcc (United States)

ASN13335 (CLOUDFLARENET, US)
js.usemessages.com
1    2606:4700::6811:43b0 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-analytics.net
1    2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)
api.hubspot.com
2    2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)
app.hubspot.com
track.hubspot.com
Domain Requested by
40 www.reflectiz.com www.reflectiz.com
5 www.google-analytics.com 2 redirects www.reflectiz.com
2 www.google.de www.reflectiz.com
2 www.google.com 2 redirects
2 stats.g.doubleclick.net 2 redirects
2 px.ads.linkedin.com www.reflectiz.com
2 maxcdn.bootstrapcdn.com www.reflectiz.com
1 track.hubspot.com
1 app.hubspot.com js.usemessages.com
1 api.hubspot.com js.usemessages.com
1 js.hs-analytics.net js.hs-scripts.com
1 js.usemessages.com js.hs-scripts.com
1 js.hs-banner.com js.hs-scripts.com
1 tr.lfeeder.com www.reflectiz.com
1 sc.lfeeder.com www.reflectiz.com
1 js.hs-scripts.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 www.googletagmanager.com www.reflectiz.com
1 www.linkedin.com 1 redirects
1 dc.ads.linkedin.com 1 redirects
60 20
Subject Issuer Validity Valid
reflectiz.com
Let's Encrypt Authority X3		 2020-04-27 -
2020-07-26		 3 months crt.sh
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2019-09-14 -
2020-10-13		 a year crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA		 2020-03-04 -
2020-09-04		 6 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-04-28 -
2020-07-21		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-04-28 -
2020-07-21		 3 months crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA		 2019-04-01 -
2021-05-07		 2 years crt.sh
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2020-04-07 -
2020-10-09		 6 months crt.sh
*.lfeeder.com
Amazon		 2019-10-02 -
2020-11-02		 a year crt.sh
hubspot.com
CloudFlare Inc ECC CA-2		 2020-05-15 -
2020-10-09		 5 months crt.sh

This page contains 2 frames:

Primary Page: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Frame ID: 70CFE49C67973CC2060EEFB99AF5E95B
Requests: 59 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/3823784/threads/utk/e7896a5995f94cdd845c2bdb9e76f9d0?uuid=0ec75eb6fd0149009b72aaa429ba9e8d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=reflectiz.com&inApp53=false&messagesUtk=e7896a5995f94cdd845c2bdb9e76f9d0&url=https%3A%2F%2Fwww.reflectiz.com%2Fthe-gocgle-web-skimming-campaign%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false
Frame ID: D606A94C23C6F6B76D9C1CBB61E3F805
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i
Overall confidence: 100%
Detected patterns
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i
Overall confidence: 100%
Detected patterns
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

60
Requests

100 %
HTTPS

94 %
IPv6

15
Domains

20
Subdomains

15
IPs

6
Countries

2218 kB
Transfer

3099 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://dc.ads.linkedin.com/collect/?pid=387425&fmt=gif%20https://dc.ads.linkedin.com/collect/?pid=387425&fmt=gif HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Fpid%3D387425%26fmt%3Dgif%2Bhttps%253A%252F%252Fdc.ads.linkedin.com%252Fcollect%252F%253Fpid%253D387425%26fmt%3Dgif%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect/?pid=387425&fmt=gif+https%3A%2F%2Fdc.ads.linkedin.com%2Fcollect%2F%3Fpid%3D387425&fmt=gif&liSync=true
Request Chain 44
  • https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1949956861&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reflectiz.com%2Fthe-gocgle-web-skimming-campaign%2F&dp=%2Fthe-gocgle-web-skimming-campaign%2F&ul=en-us&de=UTF-8&dt=The%20Gocgle%20Malicious%20Campaign%20%E2%80%93%20Reflectiz&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABC~&jid=1291397527&gjid=863603991&cid=2008619043.1590141232&tid=UA-108135068-1&_gid=2102108738.1590141232&_r=1&z=1198346940 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1291397527&_gid=2102108738.1590141232&gjid=863603991&_v=j82&z=1198346940 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1291397527&_v=j82&z=1198346940 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1291397527&_v=j82&z=1198346940&slf_rd=1&random=4130406702
Request Chain 47
  • https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1949956861&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reflectiz.com%2Fthe-gocgle-web-skimming-campaign%2F&ul=en-us&de=UTF-8&dt=The%20Gocgle%20Malicious%20Campaign%20%E2%80%93%20Reflectiz&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABC~&jid=1078160587&gjid=1979856818&cid=2008619043.1590141232&tid=UA-108135068-1&_gid=2102108738.1590141232&_r=1&gtm=2wg5e154MLFFD&z=1040525666 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1078160587&_gid=2102108738.1590141232&gjid=1979856818&_v=j82&z=1040525666 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1078160587&_v=j82&z=1040525666 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1078160587&_v=j82&z=1040525666&slf_rd=1&random=180570707

60 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.reflectiz.com/the-gocgle-web-skimming-campaign/ 		59 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx / PHP/7.2.29
Resource Hash
ee1b317cc0437f1f2d785f59c8e616e0251da2ea4df5a9ef4b9d933569eccd4b

Request headers

:method
GET
:authority
www.reflectiz.com
:scheme
https
:path
/the-gocgle-web-skimming-campaign/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
server
nginx
date
Fri, 22 May 2020 09:53:51 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.2.29
content-encoding
gzip
8alei.css
www.reflectiz.com/wp-content/cache/wpfc-minified/6ylfz5uo/ 		170 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/cache/wpfc-minified/6ylfz5uo/8alei.css
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
4eb812c5aff2110f78d3ab6e3ca11afd1c7b7b7c80c0799d25a8b3721e4fa36a

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Thu, 14 May 2020 15:56:56 GMT
server
nginx
etag
W/"5ebd6a48-2a9c3"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css?ver=4.7.0
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:35:20 GMT
status
200
etag
"1544639720"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
7050
8alei.css
www.reflectiz.com/wp-content/cache/wpfc-minified/2mpl1dg1/ 		214 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/cache/wpfc-minified/2mpl1dg1/8alei.css
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
b7b351a9ec339cc68b004bb0d36a39f8de8a67fc4c1d710a07d07e834d36c1e7

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Thu, 14 May 2020 15:56:56 GMT
server
nginx
etag
W/"5ebd6a48-357b4"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
rgw4.js
www.reflectiz.com/wp-content/cache/wpfc-minified/77bojfxq/ 		194 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/cache/wpfc-minified/77bojfxq/rgw4.js
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
ea5bc2bd10de8ebc31fb8819a2b373433fb429feb394b853016597785f62d53d

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Thu, 21 May 2020 17:00:04 GMT
server
nginx
etag
W/"5ec6b394-3077f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
/
px.ads.linkedin.com/collect/
Redirect Chain
  • https://dc.ads.linkedin.com/collect/?pid=387425&fmt=gif%20https://dc.ads.linkedin.com/collect/?pid=387425&fmt=gif
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Fpid%3D387425%26fmt%3Dgif%2Bhttps%253A%252F%252Fdc.ads.linkedin.com%252Fcollect%252F%253Fpid%253D387425%...
  • https://px.ads.linkedin.com/collect/?pid=387425&fmt=gif+https%3A%2F%2Fdc.ads.linkedin.com%2Fcollect%2F%3Fpid%3D387425&fmt=gif&liSync=true
43 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/collect/?pid=387425&fmt=gif+https%3A%2F%2Fdc.ads.linkedin.com%2Fcollect%2F%3Fpid%3D387425&fmt=gif&liSync=true
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:52 GMT
content-encoding
gzip
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server
Play
linkedin-action
1
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type
image/gif
status
200
x-li-proto
http/2
x-li-pop
prod-efr5
content-length
65
x-li-uuid
o47NkAZRERYwC9uamysAAA==
x-li-fabric
prod-lva1

Redirect headers

strict-transport-security
max-age=2592000
x-content-type-options
nosniff
linkedin-action
1
status
302
content-length
0
x-li-uuid
GALnhgZRERbQyF+/+ioAAA==
pragma
no-cache
x-li-pop
afd-prod-ech2
x-msedge-ref
Ref A: C6A39126B9E645A5A19CD42ECC165633 Ref B: FRAEDGE1121 Ref C: 2020-05-22T09:53:51Z
date
Fri, 22 May 2020 09:53:51 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options
sameorigin
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect/?pid=387425&fmt=gif+https%3A%2F%2Fdc.ads.linkedin.com%2Fcollect%2F%3Fpid%3D387425&fmt=gif&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
cropped-logo-1.png
www.reflectiz.com/wp-content/uploads/2019/05/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/uploads/2019/05/cropped-logo-1.png
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
1f534b291f3e61279a1a5f336cb1ef677f00db67d2ebf9627dc88524fe822196

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Fri, 24 May 2019 18:45:28 GMT
server
nginx
etag
"5ce83bc8-307c"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
12412
expires
Sat, 22 May 2021 09:53:51 GMT
Gocgle-1.jpg
www.reflectiz.com/wp-content/uploads/2020/05/ 		336 KB
337 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/uploads/2020/05/Gocgle-1.jpg
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
027aa16ef6ef2896e3320ba5f0149cba03ef75a6a25612e91d7b80f797cea2b4

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Thu, 21 May 2020 14:19:50 GMT
server
nginx
etag
"5ec68e06-5417c"
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
344444
expires
Sat, 22 May 2021 09:53:51 GMT
The-Gocgle-Family-Website-Attackers-768x243.jpg
www.reflectiz.com/wp-content/uploads/2020/05/ 		27 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/uploads/2020/05/The-Gocgle-Family-Website-Attackers-768x243.jpg
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
16db1e4b7ff96c1652e07c6ced3803e8b67be2796340984b1f09204e1d1dc9b2

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Thu, 21 May 2020 14:26:03 GMT
server
nginx
etag
"5ec68f7b-6dd0"
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
28112
expires
Sat, 22 May 2021 09:53:51 GMT
Gocgle-malicious-campaign-communication-files-768x215.jpg
www.reflectiz.com/wp-content/uploads/2020/05/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/uploads/2020/05/Gocgle-malicious-campaign-communication-files-768x215.jpg
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
878c8af0a1aeec268dc20601762d94f30f8d1bba0abb975a87c1a1c883187a88

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Thu, 21 May 2020 14:25:59 GMT
server
nginx
etag
"5ec68f77-5c3e"
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
23614
expires
Sat, 22 May 2021 09:53:51 GMT
Goglce-Campaign-Passive-DNS-Replication-768x537.jpg
www.reflectiz.com/wp-content/uploads/2020/05/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/uploads/2020/05/Goglce-Campaign-Passive-DNS-Replication-768x537.jpg
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
39629e393cb7ef87ec56a5aa55044d2edffd32f4ca5b883998893248760c4e73

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Thu, 21 May 2020 14:26:00 GMT
server
nginx
etag
"5ec68f78-af69"
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
44905
expires
Sat, 22 May 2021 09:53:51 GMT
Base64-Technique-The-Gocgle-Campaign-768x158.jpg
www.reflectiz.com/wp-content/uploads/2020/05/ 		30 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/uploads/2020/05/Base64-Technique-The-Gocgle-Campaign-768x158.jpg
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
6831c591fbb390195b2b4073e5c41d1578bac45a61688280e0b66f6a1c31ae32

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Thu, 21 May 2020 14:25:58 GMT
server
nginx
etag
"5ec68f76-78f6"
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
30966
expires
Sat, 22 May 2021 09:53:51 GMT
Google-VS.-Gocgle-768x272.jpg
www.reflectiz.com/wp-content/uploads/2020/05/ 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/uploads/2020/05/Google-VS.-Gocgle-768x272.jpg
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
611441c4938f66067731e45b82a64a735946044a27a7f4b55fcdeadc894dbb51

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Thu, 21 May 2020 14:26:02 GMT
server
nginx
etag
"5ec68f7a-573f"
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
22335
expires
Sat, 22 May 2021 09:53:51 GMT
iStock-652199530-20.jpg
www.reflectiz.com/wp-content/uploads/2019/08/ 		35 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/uploads/2019/08/iStock-652199530-20.jpg
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
f9f51091ad2799ea43a5deaa11d997d4d6dfc60569129bbc660968720f7f1817

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Tue, 20 Aug 2019 10:37:12 GMT
server
nginx
etag
"5d5bcd58-8a7b"
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
35451
expires
Sat, 22 May 2021 09:53:51 GMT
iStock-1198479777.jpg
www.reflectiz.com/wp-content/uploads/2020/05/ 		329 KB
330 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/uploads/2020/05/iStock-1198479777.jpg
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
ea5ad300e86c6eb87cb72a99f6893a2f71ec8b45c98cd57f27e55c14026a9afb

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Mon, 04 May 2020 14:13:48 GMT
server
nginx
etag
"5eb0231c-52483"
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
337027
expires
Sat, 22 May 2021 09:53:51 GMT
hacking-and-phishing-concept-picture-id1090872318-6.jpg
www.reflectiz.com/wp-content/uploads/2020/03/ 		202 KB
202 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/uploads/2020/03/hacking-and-phishing-concept-picture-id1090872318-6.jpg
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
f96e2aa2c0925c2467ad178c86b33c37265591109844c21a7cf5750075fc6ff6

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Wed, 18 Mar 2020 08:38:55 GMT
server
nginx
etag
"5e71de1f-326de"
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
206558
expires
Sat, 22 May 2021 09:53:51 GMT
Coronavirus-Reflectiz-Cybersecurity-Third-Party-Application-Security-Solution-iStock-1212581954.jpg
www.reflectiz.com/wp-content/uploads/2020/03/ 		443 KB
444 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/uploads/2020/03/Coronavirus-Reflectiz-Cybersecurity-Third-Party-Application-Security-Solution-iStock-1212581954.jpg
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
0f7deea9a4bcba85fef770560453108901209c9e62fbc57475e079015d8a19bf

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Tue, 17 Mar 2020 09:53:12 GMT
server
nginx
etag
"5e709e08-6ebfa"
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
453626
expires
Sat, 22 May 2021 09:53:51 GMT
Compliance-for-Third-Party-on-Websites-by-Cert2Connect.jpg
www.reflectiz.com/wp-content/uploads/2020/05/ 		134 KB
134 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/uploads/2020/05/Compliance-for-Third-Party-on-Websites-by-Cert2Connect.jpg
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
ac89c864b1f1ad6c8f9249ac40c27278dacb695787f30a88bd83e5bacc66c059

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Mon, 04 May 2020 17:01:26 GMT
server
nginx
etag
"5eb04a66-21712"
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
136978
expires
Sat, 22 May 2021 09:53:51 GMT
logo-footer.png
www.reflectiz.com/wp-content/themes/reflectiz/img/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/img/logo-footer.png
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
0ef5c08df4334b16efd06cb8ceec99bdd45e336e48fa6e1e9a06366f1f885c47

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Fri, 24 May 2019 22:03:42 GMT
server
nginx
etag
"5ce86a3e-1c30"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
7216
expires
Sat, 22 May 2021 09:53:51 GMT
36.png
www.reflectiz.com/wp-content/plugins/wpfront-scroll-top/images/icons/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/plugins/wpfront-scroll-top/images/icons/36.png
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
ac5964bb2dc09b5996a85b6ac729a845c4b1f91c1844553ef1940915d0e61d33

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Wed, 22 May 2019 20:43:25 GMT
server
nginx
etag
"5ce5b46d-976"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
2422
expires
Sat, 22 May 2021 09:53:51 GMT
scripts.js
www.reflectiz.com/wp-content/plugins/contact-form-7/includes/js/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.8
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
72ebfeb1ce24b152349b7a231f6fc29ff2a2b7a5ede91dcdb80d6b9de1779046

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Fri, 15 May 2020 02:36:20 GMT
server
nginx
etag
W/"5ebe0024-3923"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
wpfront-scroll-top.min.js
www.reflectiz.com/wp-content/plugins/wpfront-scroll-top/js/ 		2 KB
964 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/plugins/wpfront-scroll-top/js/wpfront-scroll-top.min.js?ver=2.0.2
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
df7a9be04349c4b0a3de7ff08de28b2a53b5431f396ff3ce4b13d179d194b192

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Wed, 22 May 2019 20:43:25 GMT
server
nginx
etag
W/"5ce5b46d-78f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
modernizr-custom.js
www.reflectiz.com/wp-content/themes/reflectiz/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/js/modernizr-custom.js?ver=1.0.0
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
840f575220d6b42197251483e8b3b486bce6f7c4c4bddfff022580d3bb39ce4b

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Wed, 05 Jun 2019 20:20:36 GMT
server
nginx
etag
W/"5cf82414-aa9"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
navigation.js
www.reflectiz.com/wp-content/themes/reflectiz/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/js/navigation.js?ver=20151215
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
fbc199bf7f97061c41664b040e84616a0cb54441a2efc5801d5d401d3a049f3c

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Wed, 24 Jan 2018 14:06:59 GMT
server
nginx
etag
W/"5a689303-b97"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
materialize.min.js
www.reflectiz.com/wp-content/themes/reflectiz/js/ 		162 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/js/materialize.min.js?ver=01
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
33166ff723c90995023872d8e3eca4990866301a10e943980a7655c17e621066

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Wed, 24 Jan 2018 14:06:58 GMT
server
nginx
etag
W/"5a689302-2897c"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
slick.min.js
www.reflectiz.com/wp-content/themes/reflectiz/js/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/js/slick.min.js?ver=01
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Wed, 24 Jan 2018 14:06:59 GMT
server
nginx
etag
W/"5a689303-a76f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
jquery.validate.min.js
www.reflectiz.com/wp-content/themes/reflectiz/js/ 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/js/jquery.validate.min.js?ver=01
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
17a879e50c3ab3078afaded288e257fb66e94806b76ff7e796b54226f9848f50

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Wed, 24 Jan 2018 14:06:58 GMT
server
nginx
etag
W/"5a689302-5add"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
jquery.lettering-0.6.1.min.js
www.reflectiz.com/wp-content/themes/reflectiz/js/ 		924 B
693 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/js/jquery.lettering-0.6.1.min.js?ver=01
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
c9bd115d1d0d0871a3e6b701384a903d7bd378313a0504ae94949f5bb21894f0

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Wed, 24 Jan 2018 14:06:57 GMT
server
nginx
etag
W/"5a689301-39c"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
aos.js
www.reflectiz.com/wp-content/themes/reflectiz/js/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/js/aos.js?ver=2.3.1
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
4460f1596174d06cca957fdaca2c71e1a377cf1d6f07ee4c75ffb3bf3fc97a03

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Sat, 07 Jul 2018 18:40:38 GMT
server
nginx
etag
W/"5b410926-37a3"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
mainscript.js
www.reflectiz.com/wp-content/themes/reflectiz/js/ 		16 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/js/mainscript.js?ver=01
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
f3fbc900268794930fcf4253c1661aca779f8f57e368113bc7e3ebffbf855b35

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Mon, 11 May 2020 14:28:49 GMT
server
nginx
etag
W/"5eb96121-402e"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
skip-link-focus-fix.js
www.reflectiz.com/wp-content/themes/reflectiz/js/ 		685 B
619 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/js/skip-link-focus-fix.js?ver=20151215
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
14af47320898bd93f367026f7833c9956f14e24856976e4f9e10be31155cdcf2

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Wed, 24 Jan 2018 14:06:59 GMT
server
nginx
etag
W/"5a689303-2ad"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
wp-embed.min.js
www.reflectiz.com/wp-includes/js/ 		1 KB
977 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-includes/js/wp-embed.min.js?ver=5.4.1
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Thu, 21 May 2020 16:16:38 GMT
server
nginx
etag
W/"5ec6a966-59a"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2592000
expires
Sun, 21 Jun 2020 09:53:51 GMT
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 30 Apr 2020 21:54:13 GMT
server
Golfe2
age
4516
date
Fri, 22 May 2020 08:38:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18433
expires
Fri, 22 May 2020 10:38:35 GMT
gtm.js
www.googletagmanager.com/ 		99 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-54MLFFD
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2465aca1a3671bcbdbe685c1ba02e7e5b16d7e3515b89c99cfcce23fb0da786a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36964
x-xss-protection
0
last-modified
Fri, 22 May 2020 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 22 May 2020 09:53:51 GMT
header-bg.png
www.reflectiz.com/wp-content/themes/reflectiz/img/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/img/header-bg.png
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
29b2080c6d172205edddacc1e709b54c0ff829f586cf4cdcfe77959e6a6953af

Request headers

Referer
https://www.reflectiz.com/wp-content/cache/wpfc-minified/2mpl1dg1/8alei.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Fri, 24 May 2019 21:14:53 GMT
server
nginx
etag
"5ce85ecd-7aaf"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
31407
expires
Sat, 22 May 2021 09:53:51 GMT
clock.svg
www.reflectiz.com/wp-content/themes/reflectiz/img/ 		1 KB
906 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/img/clock.svg
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
460ac7b2a235762cabf2d1befd6a80ec3d9cd258904e6a47fbd788ff80992450

Request headers

Referer
https://www.reflectiz.com/wp-content/cache/wpfc-minified/2mpl1dg1/8alei.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
last-modified
Mon, 03 Jun 2019 22:38:33 GMT
server
nginx
etag
W/"5cf5a169-515"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
cache-control
max-age=31536000
expires
Sat, 22 May 2021 09:53:51 GMT
montserrat-v13-latin-300.woff2
www.reflectiz.com/wp-content/themes/reflectiz/fonts/montserrat/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/fonts/montserrat/montserrat-v13-latin-300.woff2
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
ab9241a07a70085385b3b30dbf081ad3296f8a95a48bbf524c5eb74f0fc030a4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.reflectiz.com/wp-content/cache/wpfc-minified/2mpl1dg1/8alei.css
Origin
https://www.reflectiz.com

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Wed, 29 May 2019 15:30:12 GMT
server
nginx
etag
"5ceea584-4a2c"
content-type
application/octet-stream
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
18988
expires
Sat, 22 May 2021 09:53:51 GMT
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css?ver=4.7.0
Origin
https://www.reflectiz.com

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:36:18 GMT
status
200
etag
"1544639778"
vary
Accept-Encoding
x-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
77171
montserrat-v13-latin-regular.woff2
www.reflectiz.com/wp-content/themes/reflectiz/fonts/montserrat/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/fonts/montserrat/montserrat-v13-latin-regular.woff2
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.reflectiz.com/wp-content/cache/wpfc-minified/2mpl1dg1/8alei.css
Origin
https://www.reflectiz.com

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Wed, 29 May 2019 15:30:12 GMT
server
nginx
etag
"5ceea584-4ae4"
content-type
application/octet-stream
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
19172
expires
Sat, 22 May 2021 09:53:51 GMT
montserrat-v13-latin-500.woff2
www.reflectiz.com/wp-content/themes/reflectiz/fonts/montserrat/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/fonts/montserrat/montserrat-v13-latin-500.woff2
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
965574e97c29813feaa62a0a149731306ee4725e027603b937905375d3121c89

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.reflectiz.com/wp-content/cache/wpfc-minified/2mpl1dg1/8alei.css
Origin
https://www.reflectiz.com

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Wed, 29 May 2019 15:30:12 GMT
server
nginx
etag
"5ceea584-4b48"
content-type
application/octet-stream
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
19272
expires
Sat, 22 May 2021 09:53:51 GMT
montserrat-v13-latin-300italic.woff2
www.reflectiz.com/wp-content/themes/reflectiz/fonts/montserrat/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/fonts/montserrat/montserrat-v13-latin-300italic.woff2
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
8a8bc347505ebacb1141ff2b952479b1beacfe943752cbe90aa396fe0500fbd9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.reflectiz.com/wp-content/cache/wpfc-minified/2mpl1dg1/8alei.css
Origin
https://www.reflectiz.com

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Wed, 29 May 2019 15:30:12 GMT
server
nginx
etag
"5ceea584-4bbc"
content-type
application/octet-stream
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
19388
expires
Sat, 22 May 2021 09:53:51 GMT
montserrat-v13-latin-500italic.woff2
www.reflectiz.com/wp-content/themes/reflectiz/fonts/montserrat/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-content/themes/reflectiz/fonts/montserrat/montserrat-v13-latin-500italic.woff2
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
11bfeecea66da8d57b9f331728a570a05e24f7b4ccfa7e892cd85cf8648fec10

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.reflectiz.com/wp-content/cache/wpfc-minified/2mpl1dg1/8alei.css
Origin
https://www.reflectiz.com

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Wed, 29 May 2019 15:30:12 GMT
server
nginx
etag
"5ceea584-4ca8"
content-type
application/octet-stream
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
19624
expires
Sat, 22 May 2021 09:53:51 GMT
refill
www.reflectiz.com/wp-json/contact-form-7/v1/contact-forms/1301/ 		2 B
351 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-json/contact-form-7/v1/contact-forms/1301/refill
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/wp-content/cache/wpfc-minified/77bojfxq/rgw4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx / PHP/7.2.29
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
link
<https://www.reflectiz.com/wp-json/>; rel="https://api.w.org/"
x-powered-by
PHP/7.2.29
allow
GET
content-type
application/json; charset=UTF-8
status
200
vary
Accept-Encoding, Origin
x-robots-tag
noindex
access-control-allow-headers
Authorization, Content-Type
access-control-expose-headers
X-WP-Total, X-WP-TotalPages
refill
www.reflectiz.com/wp-json/contact-form-7/v1/contact-forms/2416/ 		2 B
351 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.reflectiz.com/wp-json/contact-form-7/v1/contact-forms/2416/refill
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/wp-content/cache/wpfc-minified/77bojfxq/rgw4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx / PHP/7.2.29
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
link
<https://www.reflectiz.com/wp-json/>; rel="https://api.w.org/"
x-powered-by
PHP/7.2.29
allow
GET
content-type
application/json; charset=UTF-8
status
200
vary
Accept-Encoding, Origin
x-robots-tag
noindex
access-control-allow-headers
Authorization, Content-Type
access-control-expose-headers
X-WP-Total, X-WP-TotalPages
ajax-loader.gif
www.reflectiz.com/wp-content/plugins/contact-form-7/images/ 		847 B
1021 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.reflectiz.com/wp-content/plugins/contact-form-7/images/ajax-loader.gif
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/wp-content/themes/reflectiz/js/materialize.min.js?ver=01
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
88.218.118.12 Dronten, Netherlands, ASN209622 (UPRESS-DRB, IL),
Reverse DNS
s-web01-uk.upress.io
Software
nginx /
Resource Hash
65b72e15d975f67fbd1cb126d57772c06c21fa016e5651b6ce213b26ce0e6877

Request headers

Referer
https://www.reflectiz.com/wp-content/cache/wpfc-minified/6ylfz5uo/8alei.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:51 GMT
last-modified
Fri, 15 May 2020 02:36:20 GMT
server
nginx
etag
"5ebe0024-34f"
content-type
image/gif
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
847
expires
Sat, 22 May 2021 09:53:51 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1949956861&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reflectiz.com%2Fthe-gocgle-web-skimming-campaign%2F&dp=%2Fthe-gocgle-web-skimming-campaign%2F...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1291397527&_gid=2102108738.1590141232&gjid=863603991&_v=j82&z=1198346940
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1291397527&_v=j82&z=1198346940
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1291397527&_v=j82&z=1198346940&slf_rd=1&random=4130406702
42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1291397527&_v=j82&z=1198346940&slf_rd=1&random=4130406702
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 May 2020 09:53:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 22 May 2020 09:53:52 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1291397527&_v=j82&z=1198346940&slf_rd=1&random=4130406702
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54MLFFD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:29c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 22 May 2020 09:53:52 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=14405
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
3823784.js
js.hs-scripts.com/ 		1 KB
902 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-scripts.com/3823784.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-54MLFFD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:d2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fc4d5e0730b531cf020faf9a3798f0843e621a3d13c37266517e5234c692a0b

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:52 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
status
200
cf-request-id
02dd66bbb60000e00747b28200000001
server
cloudflare
x-trace
2B23FC1A432BCD6DF2472F856307CF752AA577E473000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.reflectiz.com
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
5975a70c5d46e007-FRA
expires
Fri, 22 May 2020 09:54:52 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1949956861&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reflectiz.com%2Fthe-gocgle-web-skimming-campaign%2F&ul=en-us&de=UTF-8&dt=The%20Gocgle%20Malic...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1078160587&_gid=2102108738.1590141232&gjid=1979856818&_v=j82&z=1040525666
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1078160587&_v=j82&z=1040525666
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1078160587&_v=j82&z=1040525666&slf_rd=1&random=180570707
42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1078160587&_v=j82&z=1040525666&slf_rd=1&random=180570707
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 May 2020 09:53:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 22 May 2020 09:53:52 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-108135068-1&cid=2008619043.1590141232&jid=1078160587&_v=j82&z=1040525666&slf_rd=1&random=180570707
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
lftracker_v1_Xbp1oaE29jL8EdVj.js
sc.lfeeder.com/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.lfeeder.com/lftracker_v1_Xbp1oaE29jL8EdVj.js
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2047:6800:1f:f723:6fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8e3873f5418ec9b30cc4cb9945ef09fc2e06dfe807061bf8a5163f9f9cb92f3f

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:17:11 GMT
content-encoding
gzip
last-modified
Tue, 21 Apr 2020 12:32:23 GMT
server
AmazonS3
age
2202
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
max-age=3600
x-amz-cf-pop
FRA53
x-amz-cf-id
EI67xxN6oLrNs2jlD2QmhA2jnZQ_vg_FxOuisUNdTNTvDcWvbRwxnQ==
via
1.1 59c171b9abb6b3c58e72495c539dfa68.cloudfront.net (CloudFront)
collect
px.ads.linkedin.com/ 		0
372 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=387425&url=https%3A%2F%2Fwww.reflectiz.com%2Fthe-gocgle-web-skimming-campaign%2F&time=1590141232072
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:52 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server
Play
linkedin-action
1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lva1
status
200
x-li-proto
http/2
x-li-pop
prod-efr5
content-type
application/javascript
content-length
0
x-li-uuid
7PflkAZRERYwoBaKmysAAA==
/
tr.lfeeder.com/ 		43 B
292 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.lfeeder.com/?sid=Xbp1oaE29jL8EdVj&data=eyJnYVRyYWNraW5nSWRzIjpbIlVBLTEwODEzNTA2OC0xIl0sImdhQ2xpZW50SWRzIjpbIjIwMDg2MTkwNDMuMTU5MDE0MTIzMiJdLCJjb250ZXh0Ijp7ImxpYnJhcnkiOnsibmFtZSI6ImxmdHJhY2tlciIsInZlcnNpb24iOiIxLjIuMCJ9LCJwYWdlVXJsIjoiaHR0cHM6Ly93d3cucmVmbGVjdGl6LmNvbS90aGUtZ29jZ2xlLXdlYi1za2ltbWluZy1jYW1wYWlnbi8iLCJyZWZlcnJlciI6IiIsInBhZ2VUaXRsZSI6IlRoZSBHb2NnbGUgTWFsaWNpb3VzIENhbXBhaWduIOKAkyBSZWZsZWN0aXoifSwiZXZlbnQiOiJ0cmFja2luZy1ldmVudCIsImNsaWVudFRpbWVzdGFtcCI6IjIwMjAtMDUtMjJUMDk6NTM6NTIuMTExWiIsImNsaWVudFRpbWV6b25lIjotMTIwLCJzY3JpcHRJZCI6IlhicDFvYUUyOWpMOEVkVmoiLCJjb29raWVzRW5hYmxlZCI6dHJ1ZSwiYW5vbnltaXplSXAiOmZhbHNlLCJsZkNsaWVudElkIjoiTEYxLjEuMjRhZDhiZWJkNDU2OGU1YS4xNTkwMTQxMjMyMTEwIiwicHJvcGVydGllcyI6e319
Requested by
Host: www.reflectiz.com
URL: https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:800:1a:2af:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:52 GMT
via
1.1 2afacc6ad96dbba3f0b477cd95f16459.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA2-C2
x-cache
LambdaGeneratedResponse from cloudfront
content-type
image/gif
status
200
content-length
43
x-amz-cf-id
24A6Obrq90pwj3eEDIfXR6gh3OitM8N8jhySYL-ANpTleCAQWQ7z-g==
3823784.js
js.hs-banner.com/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/3823784.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3823784.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12a685e2cdfe0deecd784624a9e4de954339f6c8b5dfa878e4b3671b6ab0a0ca

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-goog-hash
crc32c=SfRg3Q==, md5=4fqeGCSLhEZINjdV+l+CvQ==
date
Fri, 22 May 2020 09:53:52 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-guploader-uploadid
AAANsUleccjU0PkMSldf_TbMf-VdUAnVKa4a5HKACC7YnEdMNNL6fjCaU488X0L74_sPw5CZQmqzFeq4DGhwvRXWsA
x-goog-storage-class
STANDARD
status
200
access-control-max-age
604800
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
text/javascript
cf-request-id
02dd66bc490000bea6b71d5200000001
timing-allow-origin
*
last-modified
Wed, 06 May 2020 21:30:06 GMT
server
cloudflare
etag
W/"e1fa9e18248b844648363755fa5f82bd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-goog-generation
1588800606448492
access-control-allow-origin
https://www.reflectiz.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
x-goog-stored-content-length
23248
cf-ray
5975a70d4ca9bea6-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Fri, 22 May 2020 09:58:52 GMT
conversations-embed.js
js.usemessages.com/ 		61 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.usemessages.com/conversations-embed.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3823784.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:efcc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d01b5f570a2075d98f74d64744c5ac1075d2a58008f0a29c7e339b37b9d141b

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:52 GMT
via
1.1 c84ecfd128e1f4c41a53a2b42410f3b8.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
536
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
cf-request-id
02dd66bc4a0000dfe387b0e200000001
last-modified
Thu, 21 May 2020 07:56:34 UTC
server
cloudflare
etag
W/"3bdc054d3b11c466d69dcb72579ed0b2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
OF827CG.8zbP4v7yASaV_LvWOXyi1CSw
cache-control
max-age=600
x-amz-cf-pop
IAD89-C3
cf-ray
5975a70d4a45dfe3-FRA
x-amz-cf-id
sTwnr8ZmE2pPDtsoouvDa4u7iun2Neq985atxgEle4EIhnTDGnzL5w==
3823784.js
js.hs-analytics.net/analytics/1590141000000/ 		60 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-analytics.net/analytics/1590141000000/3823784.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/3823784.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:43b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79751344b86c4bdc71aba949275d2d0919fd798ac0d9529605dda4683f78aeaf

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 09:53:52 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
55A61AACC10C5BDA
x-amz-server-side-encryption
AES256
cf-ray
5975a70d4ba20609-FRA
status
200
x-amz-id-2
1k/a0eOgm4IcA3C7KYJ7JLJUwkFQ7JSyqn4UrJojq7o9ju+3K1ZY4LfjkCjfgBIU/Cw0E+upgr4=
last-modified
Wed, 06 May 2020 13:57:56 GMT
server
cloudflare
etag
W/"b72a8847442006b20331d6fbc3390684"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
cf-request-id
02dd66bc4b000006099532d200000001
content-type
text/javascript
expires
Fri, 22 May 2020 09:58:52 GMT
public
api.hubspot.com/livechat-public/v1/message/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.hubspot.com/livechat-public/v1/message/public?portalId=3823784&conversations-embed=static-1.6626&mobile=false&messagesUtk=e7896a5995f94cdd845c2bdb9e76f9d0&traceId=e7896a5995f94cdd845c2bdb9e76f9d0
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a59e7a0efdaa8596e1e9204b63fe5ec6423edb5da222cf684c7b60feb9247c13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
X-HubSpot-Messages-Uri
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/

Response headers

date
Fri, 22 May 2020 09:53:52 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
DYNAMIC
status
200
content-length
1261
cf-request-id
02dd66bcee000005bb21891200000001
server
cloudflare
x-trace
2B258538F6BC93CE6858347E84A7756D5BBC866EEA000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.reflectiz.com
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
5975a70e4b2e05bb-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
e7896a5995f94cdd845c2bdb9e76f9d0
app.hubspot.com/conversations-visitor/3823784/threads/utk/ Frame D606 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://app.hubspot.com/conversations-visitor/3823784/threads/utk/e7896a5995f94cdd845c2bdb9e76f9d0?uuid=0ec75eb6fd0149009b72aaa429ba9e8d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=reflectiz.com&inApp53=false&messagesUtk=e7896a5995f94cdd845c2bdb9e76f9d0&url=https%3A%2F%2Fwww.reflectiz.com%2Fthe-gocgle-web-skimming-campaign%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
GET
:authority
app.hubspot.com
:scheme
https
:path
/conversations-visitor/3823784/threads/utk/e7896a5995f94cdd845c2bdb9e76f9d0?uuid=0ec75eb6fd0149009b72aaa429ba9e8d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=reflectiz.com&inApp53=false&messagesUtk=e7896a5995f94cdd845c2bdb9e76f9d0&url=https%3A%2F%2Fwww.reflectiz.com%2Fthe-gocgle-web-skimming-campaign%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/

Response headers

status
200
date
Fri, 22 May 2020 09:53:52 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d03251b6b3de910c860fc3437718dfb311590141232; expires=Sun, 21-Jun-20 09:53:52 GMT; path=/; domain=.hubspot.com; HttpOnly; SameSite=Lax
x-amz-replication-status
COMPLETED
last-modified
Thu, 21 May 2020 07:56:34 UTC
x-amz-server-side-encryption
AES256
x-amz-version-id
UT14xv2ZI7JkCRVXNIVyMrfarhIU9f9s
etag
W/"d7999326a7df4dff0803b1048337633e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 27eb501c8caff149895f88cac34554af.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-C2
x-amz-cf-id
nI1wVypSHMr0EGKS5r_TQKyAD3J6whxnMRO1v_dlxNsXkEZLDwjMIA==
age
739
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
cloudflare
cf-ray
5975a70f9aa5dfd3-FRA
content-encoding
br
cf-request-id
02dd66bdbc0000dfd3bcac1200000001
__ptq.gif
track.hubspot.com/ 		45 B
234 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1126678966&v=1.1&a=3823784&rcu=https%3A%2F%2Fwww.reflectiz.com%2Fthe-gocgle-web-skimming-campaign%2F&pu=https%3A%2F%2Fwww.reflectiz.com%2Fthe-gocgle-web-skimming-campaign%2F&t=The+Gocgle+Malicious+Campaign+%E2%80%93+Reflectiz&cts=1590141232976&vi=3fb5eaf2dc6740f9f6c8ab6722aec79e&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

cf-ray
5975a71218b2dfd3-FRA
date
Fri, 22 May 2020 09:53:53 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/gif
content-length
45
cf-request-id
02dd66bf530000dfd3bcae2200000001
x-robots-tag
none
collect
www.google-analytics.com/ 		35 B
96 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j82&a=1949956861&t=timing&_s=2&dl=https%3A%2F%2Fwww.reflectiz.com%2Fthe-gocgle-web-skimming-campaign%2F&ul=en-us&de=UTF-8&dt=The%20Gocgle%20Malicious%20Campaign%20%E2%80%93%20Reflectiz&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1659&pdt=1&dns=1&rrt=0&srt=153&tcp=45&dit=594&clt=595&_gst=211&_gbt=658&_cst=277&_cbt=676&_u=aHDAAUABC~&jid=&gjid=&cid=2008619043.1590141232&tid=UA-108135068-1&_gid=2102108738.1590141232&z=389522577
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 May 2020 19:59:56 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
222836
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
90 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j82&a=1949956861&t=timing&_s=2&dl=https%3A%2F%2Fwww.reflectiz.com%2Fthe-gocgle-web-skimming-campaign%2F&ul=en-us&de=UTF-8&dt=The%20Gocgle%20Malicious%20Campaign%20%E2%80%93%20Reflectiz&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1659&pdt=1&dns=1&rrt=0&srt=153&tcp=45&dit=594&clt=595&_gst=211&_gbt=658&_cst=277&_cbt=676&_u=aHDAAUABC~&jid=&gjid=&cid=2008619043.1590141232&tid=UA-108135068-1&_gid=2102108738.1590141232&gtm=2wg5e154MLFFD&z=1622877124
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.reflectiz.com/the-gocgle-web-skimming-campaign/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 May 2020 19:59:56 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
222836
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| gtm4wp_datalayer_name object| dataLayer string| em_version boolean| em_track_user string| em_no_track_reason string| disableStr function| __gaTrackerIsOptedOut function| __gaTrackerOptout function| gaOptout string| GoogleAnalyticsObject function| __gaTracker function| ga object| exactmetrics_frontend function| ExactMetrics object| ExactMetricsObject undefined| $ function| jQuery function| ResizeSensor object| StickySidebar object| dataLayer_content function| wpfront_scroll_top_init object| wpcf7 object| Modernizr object| AOS object| wp function| Hammer object| Materialize object| Waves function| validate_field object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| wpfront_scroll_top object| jQuery112404218408426324345 string| _linkedin_data_partner_id object| ldfdr function| lintrk boolean| _already_called_lintrk boolean| hubspot_live_messages_running object| HubSpotConversations object| _hsq object| _hsp boolean| _hspb_loaded object| _paq boolean| _hstc_loaded object| hubspot boolean| _hspb_ran boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| e

5 Cookies

Domain/Path Name / Value
.reflectiz.com/ Name: _lfa
Value: eyJYYnAxb2FFMjlqTDhFZFZqIjoiTEYxLjEuMjRhZDhiZWJkNDU2OGU1YS4xNTkwMTQxMjMyMTEwIn0%3D
.reflectiz.com/ Name: _gat_UA-108135068-1
Value: 1
.reflectiz.com/ Name: _gid
Value: GA1.2.2102108738.1590141232
.reflectiz.com/ Name: _gat
Value: 1
.reflectiz.com/ Name: _ga
Value: GA1.2.2008619043.1590141232

1 Console Messages

Source Level URL
Text
console-api log URL: https://www.reflectiz.com/wp-content/cache/wpfc-minified/77bojfxq/rgw4.js(Line 57)
Message:
JQMIGRATE: Migrate is installed, version 1.4.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubspot.com
app.hubspot.com
dc.ads.linkedin.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.usemessages.com
maxcdn.bootstrapcdn.com
px.ads.linkedin.com
sc.lfeeder.com
snap.licdn.com
stats.g.doubleclick.net
tr.lfeeder.com
track.hubspot.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.reflectiz.com
2001:4de0:ac19::1:b:2a
2600:9000:2047:6800:1f:f723:6fc0:93a1
2600:9000:21f3:800:1a:2af:6d00:93a1
2606:4700::6811:43b0
2606:4700::6811:d2cc
2606:4700::6811:efcc
2606:4700::6812:15bf
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2a00:1450:4001:801::200e
2a00:1450:4001:806::2004
2a00:1450:4001:81c::2008
2a00:1450:4001:81f::2003
2a00:1450:400c:c03::9a
2a02:26f0:f1:29c::25ea
2a05:f500:10:101::b93f:9105
88.218.118.12
027aa16ef6ef2896e3320ba5f0149cba03ef75a6a25612e91d7b80f797cea2b4
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0ef5c08df4334b16efd06cb8ceec99bdd45e336e48fa6e1e9a06366f1f885c47
0f7deea9a4bcba85fef770560453108901209c9e62fbc57475e079015d8a19bf
11bfeecea66da8d57b9f331728a570a05e24f7b4ccfa7e892cd85cf8648fec10
12a685e2cdfe0deecd784624a9e4de954339f6c8b5dfa878e4b3671b6ab0a0ca
14af47320898bd93f367026f7833c9956f14e24856976e4f9e10be31155cdcf2
16db1e4b7ff96c1652e07c6ced3803e8b67be2796340984b1f09204e1d1dc9b2
17a879e50c3ab3078afaded288e257fb66e94806b76ff7e796b54226f9848f50
1d01b5f570a2075d98f74d64744c5ac1075d2a58008f0a29c7e339b37b9d141b
1f534b291f3e61279a1a5f336cb1ef677f00db67d2ebf9627dc88524fe822196
1fc4d5e0730b531cf020faf9a3798f0843e621a3d13c37266517e5234c692a0b
2465aca1a3671bcbdbe685c1ba02e7e5b16d7e3515b89c99cfcce23fb0da786a
29b2080c6d172205edddacc1e709b54c0ff829f586cf4cdcfe77959e6a6953af
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
33166ff723c90995023872d8e3eca4990866301a10e943980a7655c17e621066
39629e393cb7ef87ec56a5aa55044d2edffd32f4ca5b883998893248760c4e73
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
4460f1596174d06cca957fdaca2c71e1a377cf1d6f07ee4c75ffb3bf3fc97a03
460ac7b2a235762cabf2d1befd6a80ec3d9cd258904e6a47fbd788ff80992450
4eb812c5aff2110f78d3ab6e3ca11afd1c7b7b7c80c0799d25a8b3721e4fa36a
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
611441c4938f66067731e45b82a64a735946044a27a7f4b55fcdeadc894dbb51
65b72e15d975f67fbd1cb126d57772c06c21fa016e5651b6ce213b26ce0e6877
6831c591fbb390195b2b4073e5c41d1578bac45a61688280e0b66f6a1c31ae32
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
72ebfeb1ce24b152349b7a231f6fc29ff2a2b7a5ede91dcdb80d6b9de1779046
79751344b86c4bdc71aba949275d2d0919fd798ac0d9529605dda4683f78aeaf
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
840f575220d6b42197251483e8b3b486bce6f7c4c4bddfff022580d3bb39ce4b
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
878c8af0a1aeec268dc20601762d94f30f8d1bba0abb975a87c1a1c883187a88
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a8bc347505ebacb1141ff2b952479b1beacfe943752cbe90aa396fe0500fbd9
8e3873f5418ec9b30cc4cb9945ef09fc2e06dfe807061bf8a5163f9f9cb92f3f
965574e97c29813feaa62a0a149731306ee4725e027603b937905375d3121c89
a59e7a0efdaa8596e1e9204b63fe5ec6423edb5da222cf684c7b60feb9247c13
ab9241a07a70085385b3b30dbf081ad3296f8a95a48bbf524c5eb74f0fc030a4
ac5964bb2dc09b5996a85b6ac729a845c4b1f91c1844553ef1940915d0e61d33
ac89c864b1f1ad6c8f9249ac40c27278dacb695787f30a88bd83e5bacc66c059
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b7b351a9ec339cc68b004bb0d36a39f8de8a67fc4c1d710a07d07e834d36c1e7
c9bd115d1d0d0871a3e6b701384a903d7bd378313a0504ae94949f5bb21894f0
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
df7a9be04349c4b0a3de7ff08de28b2a53b5431f396ff3ce4b13d179d194b192
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea5ad300e86c6eb87cb72a99f6893a2f71ec8b45c98cd57f27e55c14026a9afb
ea5bc2bd10de8ebc31fb8819a2b373433fb429feb394b853016597785f62d53d
ee1b317cc0437f1f2d785f59c8e616e0251da2ea4df5a9ef4b9d933569eccd4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3fbc900268794930fcf4253c1661aca779f8f57e368113bc7e3ebffbf855b35
f96e2aa2c0925c2467ad178c86b33c37265591109844c21a7cf5750075fc6ff6
f9f51091ad2799ea43a5deaa11d997d4d6dfc60569129bbc660968720f7f1817
fbc199bf7f97061c41664b040e84616a0cb54441a2efc5801d5d401d3a049f3c